Information security mistakes are costly, damaging and all too prevalent. Given the obvious repercussions of poor security strategies (see recent incidents from TJX, AOL, and the VA), one is inclined to believe change agents are in place; however, organizations continue to make seemingly avoidable mistakes when it comes to information security. This is due to misconceptions and common mistakes that are repeated.

This paper introduces five common information security mistakes that organizations make and concludes with recommendations and best practices for building and maintaining a successful information security practice and avoiding these mistakes.

The first step toward enlightenment is knowledge - so here are the top five security mistakes organizations make, in no particular order:

• Over-relying on Network Defenses
• Believing the Hype of Technology/Tools
• Making too Many “People” Assumptions
• Assuming Secure Software is Costly
• Falling into the “Recency ” Trap

Reprinted with Permission http://www.securityinnovation.com