In many environments, basic security recommendations are not applied consistently. Taking a personal and institutionalized interest in applying basic security principles consistently will mitigate more risk and lead to a more secure environment. Improving existing systems also provides better outcomes than simply adopting new technology. Focus more on the basics, like patch management, password policy and malware blocking, and less on the latest and greatest security products. Truly secure environments are consistency secure and have the basics well covered. And don't forget to pick good metrics.
Learn more about the importance of security basics:
- read the article [1] at InfoWorld
ALSO:
- read this [2] on controlling information access
- and this [3] on IT security
Links:
[1] http://www.infoworld.com/article/07/04/27/18OPsecadvise_1.html
[2] http://www.fiercecio.com/story/controlling-information-access/2007-03-30
[3] http://www.fiercecio.com/story/csi-it-security/2007-03-06