I thought this was pretty funny because of how true most of it is: How to Suck at Information Security

What struck me was the following line: “Ban the use of external USB drives while not restricting outbound access to the Internet.”

This sums up some of the most egregious mistakes in the information security — taking a vulnerability view versus a threat view of how to secure your infrastructure. USB drives typically pose a relatively small threat to an infrastructure compared with unfettered outbound Internet access, but many organizations I have worked with are doing just that.