This post is just to underline the very good reading it is for people in IT. I like it because:
- It does not look for a silver bullet but lists several points that need be addressed.
- It points out, as so many posts on this blog, that you first need to human understand and monitor what you do, before implementing costly solutions.
- It also points out that you need to work on the security of the endpoints (users' machines), especially on updating regularly client software.