New Paper "Five basic mistakes of security policy"

Here is a new paper I wrote for ComputerWorld called 'Five basic mistakes of security policy." The actual mistakes are:

1. Not having a policy

2. Not updating the security policy

3. Not tracking compliance with the security policy

4. Having a "tech only" policy

5. Having a policy that is large and unwieldy

Indeed, the stuff is pretty basic, but that is exactly the intention.