How to Suck at Information Security
Jan 18, 2009, 12:04 (1 Talkback[s])
(Other stories by Lenny Zeltser)
"Create a security policy just to mark a checkbox.
Pay someone to write your security policy without any knowledge of
your business or processes.
Translate policies in a multi-language environment without
consistent meaning across the languages.
Make sure none of the employees finds the policies."