Last, but not least, users need training in the correct use of the system. Untrained users can intentionally or unintentionally subvert security policies through lack of training.
