James McGovern from the Enterprise Architect blog compiled a list of “Ten Mistakes that CIOs consistently make that weaken enterprise security.” The list is simple and straightforward.

The 10 Mistakes Are:

  1. Use process as a substitute for competence
  2. Hope that the problem will go away if you ignore it
  3. Put network engineers in charge of security
  4. Outsource too much
  5. Rely primarily on a firewall and antivirus
  6. Authorize reactive, short-term fixes so problems re-emerge rapidly
  7. Undervalue the cost-savings of security
  8. Fail to deal with operational aspects of security
  9. Fail to understand the relationship of information security to the business problem
  10. Put people in roles and give them titles, but don’t actually train them

A lot of the points have to do with a lax security policy - an inability to define and manage IT security, particularly when it comes to people (as much as process & technology).

Christofer Hoff has added a couple more mistakes to this list including: talking about threats, not risk; avoiding security awareness training; investing for compliance not security, and many more.

Tags: , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati