There are lots of good ideas, but there are 2 things you must get a handle on before proceeding:
1. Management Buy-In
2. Culture of the company
The first is the most important. Have you proven your case to them and have complete backing of management to proceed with such a plan? If you happen to call someone out regardless of standing in the company, will upper maangement ask you to let them slide or will they follow through with the predetermined reaction?
The second will dictate how creative you can get. Put up wanted posters with evil looking guys, have contests & give away an iPod every month for something a user does that is positive, be part of the monthly/weekly business meetings to call out those doing well and report on the success of the program... Make it fun, and people will go out of their way to participate.
Then you can turn it into a revenue generator by writing up reports for your sales/management teams that they can in turn take to their clients to show how secure an environment the entire company has. That makes them trust you more. I've even seen it close deals. But if you don't communicate it to sales and management in just that way, they will always see it as a cost center.
Does that help? Or at least spark a conversation?
CISSP, MCSE, CSTA, Security+ SME