Friday, February 29, 2008

New Paper "Five basic mistakes of security policy"

Here is a new paper I wrote for ComputerWorld called 'Five basic mistakes of security policy." The actual mistakes are:

  1. Not having a policy

  2. Not updating the security policy

  3. Not tracking compliance with the security policy

  4. Having a "tech only" policy

  5. Having a policy that is large and unwieldy

Indeed, the stuff is pretty basic, but that is exactly the intention.

No comments:

Dr Anton Chuvakin