Top Management Errors that Lead to Computer Security Vulnerabilities

SANS had a survey that discovered the following management errors. See the full report at SANS.

Number Seven:
Pretend the problem will go away if they ignore it.

Number Six:
Authorize reactive, short-term fixes so problems re-emerge rapidly

Number Five:
Fail to realize how much money their information and organizational reputations are worth.

Number Four:
Rely primarily on a firewall.

Number Three:
Fail to deal with the operational aspects of security: make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed

Number Two:
Fail to understand the relationship of information security to the business problem -- they understand physical security but do not see the consequences of poor information security.

Number One:
Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.