Most computer security practitioners have understood for many years the importance of having an aggressive security awareness training program. As social engineering is involved in 70% to 90% of all successful hacking attacks, not addressing the human element is not an option. Still, some of the regulatory documents have been slow to come around. Not anymore.