Top 10 Headaches for Information Security Officers and Managers

If you are responsible for some aspect of information security and want to reduce your stress levels, start by changing any of the following that exist in your organization:

1. Servers where ordinary users have privileged accounts.
2. Users who modify their own desktops, especially by installing their own software.
3. No mechanism for scanning the network for vulnerabilities.
4. A single server running everything.
5. No logging of firewalled traffic, no summaries or periodic traffic analysis, and no one looking at denied or rejected packets.
6. Lack of an intrusion detection system.
7. "Temporary" holes made in firewalls to accommodate specific requests.
8. Passwords kept on default settings with no password aging in force.
9. Employees relying upon vendors to tell them of vulnerabilities found in their products rather than using a third-party bug-tracker.
10. An operations team that is not paranoid enough.