Seven security mistakes companies make

by Anton Chuvakin

Related link:,4814,102653,00.html

I am usually fascinated with people pointing out mistakes in something :-) Here is a cool list of seven security mistakes, quoted from the paper.

"1. Failure to realize that perimeter security is dead

2. Failure to protect laptop computers

3. Failure to institute effective change management

4. Failure to realize the importance of security awareness

5. Failure to implement a defense-in-depth strategy

6. Failure to take the spam and spyware threat seriously

7. Failure to implement a vulnerability management strategy"

I like them since they are more modern than some other similar resources. About #1, I wouldn't say it is "dead", but it certainly is not the whole story nowadays.