Lenny Zeltser, writing on the SANS Internet Storm Center (DShield) diary, has posted an amusing list of ways to suck at information security, broken into the following categories:
- Security Policy and Compliance
- Security Tools
- Risk Management
- Security Practices
- Password Management
Here's a snippet from the Security Tools section:
- Deploy a security product out of the box without tuning it.
- Tune the IDS to be too noisy, or too quiet.
- Buy security products without considering the maintenance and implementation costs.
- Rely on anti-virus and firewall products without having additional controls.
- Run regular vulnerability scans, but don’t follow through on the results.
Read the list: http://isc.sans.org/diary.html?storyid=5644
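The last item in that snippet is the one that is easiest to measure. As an added example (not part of the original post or of Zeltser's list), the script below compares two successive scan exports and reports what was fixed, what is new, what is still open, and which open findings have blown past a remediation deadline. The export layout (host, check id, severity), the check ids, the hosts, the dates and the per-severity SLA table are all constructed for illustration and do not correspond to any particular scanner or policy.

```python
"""Track follow-through on vulnerability scan results by diffing two scans.

Added example: the record layout, check ids, hosts, dates and SLA values
are assumptions made for this illustration, not any scanner's real format.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str   # scanner check identifier (hypothetical values below)
    severity: str    # "critical", "high", "medium" or "low"


# Remediation deadline in days per severity (assumed policy, not from the page).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def parse_scan(text):
    """Parse a minimal CSV-style export: one 'host,plugin_id,severity' per line."""
    findings = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, plugin_id, severity = (field.strip() for field in line.split(","))
        findings.add(Finding(host, plugin_id, severity.lower()))
    return findings


def diff_scans(previous, current):
    """Split findings into fixed (gone), new, and persistent (still open)."""
    return {
        "fixed": previous - current,
        "new": current - previous,
        "persistent": previous & current,
    }


def overdue(persistent, first_seen, today):
    """Persistent findings whose age exceeds the SLA for their severity."""
    late = []
    for finding in persistent:
        age = (today - first_seen[finding]).days
        if age > SLA_DAYS.get(finding.severity, 0):
            late.append((finding, age))
    # Oldest first, then by host so the output is stable.
    return sorted(late, key=lambda item: (-item[1], item[0].host))


def follow_through_report(prev_text, cur_text, first_seen, today):
    """Diff two exports and attach the overdue list and the fix rate."""
    previous, current = parse_scan(prev_text), parse_scan(cur_text)
    report = diff_scans(previous, current)
    report["overdue"] = overdue(report["persistent"], first_seen, today)
    report["fix_rate"] = len(report["fixed"]) / len(previous) if previous else 1.0
    return report


# Constructed sample exports: the same two hosts scanned six weeks apart.
SCAN_MARCH = """
# host,plugin_id,severity
web01,CHK-1001,critical
web01,CHK-2002,medium
db01,CHK-3003,high
db01,CHK-4004,low
"""

SCAN_APRIL = """
# host,plugin_id,severity
web01,CHK-1001,critical
web01,CHK-5005,high
db01,CHK-3003,high
"""

# Constructed first-seen dates for the findings in the March scan.
FIRST_SEEN = {
    Finding("web01", "CHK-1001", "critical"): date(2009, 3, 1),
    Finding("web01", "CHK-2002", "medium"): date(2009, 3, 1),
    Finding("db01", "CHK-3003", "high"): date(2009, 3, 1),
    Finding("db01", "CHK-4004", "low"): date(2009, 3, 1),
}


if __name__ == "__main__":
    report = follow_through_report(SCAN_MARCH, SCAN_APRIL, FIRST_SEEN, date(2009, 4, 15))
    print("fixed:     ", sorted(f.plugin_id for f in report["fixed"]))
    print("new:       ", sorted(f.plugin_id for f in report["new"]))
    print("persistent:", sorted(f.plugin_id for f in report["persistent"]))
    print("fix rate:  ", report["fix_rate"])
    for finding, age in report["overdue"]:
        print(f"OVERDUE {finding.host} {finding.plugin_id} {finding.severity} open {age} days")
```

On the constructed data the fix rate is 0.5, and the two persistent findings (a critical one on web01 and a high one on db01) are both 45 days old, well past the assumed 7 and 30 day deadlines, which is exactly the situation the list item warns about: the scans ran on schedule, and nothing happened with the results. Swapping `parse_scan` for a reader of your scanner's real export format is the only change needed to run this against live data.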