Not having a policy
Not updating the security policy
Not tracking compliance with the security policy
Having a "tech only" policy
Having a policy that is large and unwieldy
Friday, February 29, 2008
Here is a new paper I wrote for ComputerWorld called 'Five basic mistakes of security policy." The actual mistakes are:
New Paper "Five basic mistakes of security policy"