How to Suck at Information Security
Some of my favorites are:
* Require your users to change passwords too frequently.
* Expect your users to remember passwords without writing them down.
* Don’t cross-train the IT and security staff.
* Expect end-users to forgo convenience in place of security.
* Lock down the infrastructure so tightly that getting work done becomes very difficult.
* Assume that policies don’t apply to executives.
I have seen all of these from time to time, and they have all made me go slightly bonkers. Not always at the time that I saw them, because, well, we were all young and dumb at least once. 🙂