http://www.sans.org/resources/mistakes.php

This list was created in October 2001 and I was curious on people's opinions of how far we've come.

The Five Worst Security Mistakes End Users Make

All but number 5 still seem to be hot spots.

The Seven Worst Security Mistakes Senior Executives Make was covered in this thread

http://www.antionline.com/showthread...hreadid=266693

The Ten Worst Security Mistakes Information Technology People Make or should it say competent IT people make.

For a competent Admin all of these should be a non-issue or number 11
Allowing untrained, uncertified people to take responsibility for securing important systems.
has occurred.

The only real issue I see as a big issue is Number 10. I think no matter how competent your IT staff is, there is still a drop off in education. Although if the user's knew everything where would we be?