Lenny Zeltser from dshield has posted an amusing list of ways to suck at information security, broken up
into the following categories:
– Security Policy and Compliance
– Security Tools
– Risk Management
– Security Practices
– Password Management
Here's a snippet:
"Security Tools
- Deploy a security product out of the box without tuning it.
- Tune the IDS to be too noisy, or too quiet.
- Buy security products without considering the maintenance and implementation costs.
- Rely on anti-virus and firewall products without having additional controls.
- Run regular vulnerability scans, but don’t follow through on the results."
Read the list: http://isc.sans.org/diary.html?storyid=5644