Report Offensive Message
I believe that one of the items that was missed on the list and should really be at the top is end user training. Failing to train the users on security measures, such as, ?Why you shouldn?t open email from unknown senders? or simply ?What is a virus and how to prevent them?? Through education you can gain support from your user community for your security measures.