WebApp Sec mailing list archives

awareness improvement demo


From: koro69 () yepmail net
Date: Sat, 05 Mar 2005 13:14:42 +0100

hi list,

I am setting up an awareness improvement demo for an international
financial institution.
I know the subject is not new, but I would like to do something
up-to-date... :-)

I am planning 3 different demos, for different types of users:
- top management;
- IT staff;
- "average" user.


For each type of audience, I am planning different subjects:
- top management:
    - email: nature of an email: clear text, forged emails - virus
    - browsing: dangerous mobile codes, privacy (cache, cookies)
    - poor password limits
    - mobility: laptop, PDA, smartphone
    - potentially dangerous technologies: wifi, bluetooth, "blackberry"

- IT staff:
    - web app security (SQL injection, cookie manipulation, etc)
    - "state of the art" attacks: stealth trojan...
    - live hacking of a web server
    - wifi detection, and WEP cracking
    - Google hacks
    - physical security, hardware keyloggers...

- "average" user:
    - email: nature of an email: clear text, forged emails - virus
    - browsing: dangerous mobile codes, privacy (cache, cookies)
    - poor password limits
    - social engineering


I imagine I will set up a couple of laptops, or even a couple of virtual
machines, but I am wondering if the "demo effect" is the same with
virtual versus real machines?


I would be pleased to receive comments on anything in my plan,
including:

- the subjects chosen for each type of audience;

- how to implement them easily; concerning the web app security demo, I
have planned at first to use the excellent "Hacme Bank" from Foundstone,
but I think the licence will prevent me from using it :-( . Any idea of a
similar free tool?

- link to external resources on the subject.

- similar experience of people from this list ;-)


Thanks,


Koro.

