Over my 9 years of blogging here at toolbox.com, I have periodically ranted about some of the corporate information security programs that I’ve encountered during my travels. From a ten-thousand-foot view, information security programs have matured by leaps and bounds – and so have the challenges. Some companies have adequately staffed information security departments that make a good effort at keeping pace, and others are struggling to write their first information security policy.
Back in 2009, I pointed to a list of pet peeves about some information security professionals. Some folks agreed; some felt that I was being a bit harsh.
Now that it’s 2012, I decided to change direction a bit. I’m going to list two of the most common failures that I’ve seen recently while being inside some large organizations and having direct access to folks who manage their information security and risk management programs.