http://www.sans.org/resources/mistakes.php
This list was created in October 2001 and I was curious on people's opinions of how far we've come.
The Five Worst Security Mistakes End Users Make
All but number 5 still seem to be hot spots.
The Seven Worst Security Mistakes Senior Executives Make was covered in this thread
http://www.antionline.com/showthread...hreadid=266693
The Ten Worst Security Mistakes Information Technology People Make or should it say competent IT people make.
For a competent Admin all of these should be a non-issue or number 11
has occurred.Allowing untrained, uncertified people to take responsibility for securing important systems.
The only real issue I see as a big issue is Number 10. I think no matter how competent your IT staff is, there is still a drop off in education. Although if the user's knew everything where would we be?