Very true and professional points. All are valid. For me, the following four are obvious, as I have direct experience with these.
1. Trusting people: The biggest threat to your IT security is ALWAYS the trusted employee.
(If the trusted person has done something wrong, he will try to mend it without your knowledge, and that may sometimes lead to a bigger disaster.)
4. Incorrectly prioritizing the protection of specific assets: Few of us have the resources to protect everything completely. In the real world, you need to know what the most important things are to your company so you can protect those assets the most. One size does NOT fit all.
(Prioritization is very important where deadlines and the stipulated timeframe are key to a project.)
7. Not properly managing passwords: Make them long and easy to remember - initial letters of words in a favorite quotation are often a good choice; final letters of those words are even better.
(Passwords can be hacked easily if they are very small and guessable.)
8. Supplying help desk support without thoroughly authenticating callers: Social engineering is still a serious threat.
(Some helpdesk personnel do take advantage of the situation.)