The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.
Labor force needs and economic conditions are disregarded in our policies. Many aspects of our current policies and procedures are patently wrong. For example, legal immigration has almost no link to U.S. employment needs or economic conditions.