How to Suck at Information Security

Hacker Halted 2010

From SANS Diary
The following list presents common information security mistakes and misconceptions, so you can avoid making them.

Security Policy and Compliance

* Ignore regulatory compliance requirements.
* Assume the users will read the security policy because you've asked them to.
* Use security templates without customizing them.
* Jump into a full-blown adoption of frameworks such as ISO 27001/27002 before you're ready.