Among other topics, this IBM discussion document clearly outlines a set of safe practices for browsing Web 2.0 sites. The recommendations necessarily assume the user is savvy enough to understand the security implications of active content and the concept of trust. Most users, of course, are not, and, as the author points out, this poses a significant non-malicious insider threat to corporate IT systems. He makes the important point that corporate security awareness training should include the "whys" as well as the "don'ts" so that this gap in understanding can be closed.
- Improving Security: What hackers don't want you to know, discussion document by IBM