This is an article I've been wanting to post on here for quite a while. This article discusses the major fundamental security rules, based on processes and policies rather than technology. A lot of this, honestly, is common sense, but unfortunately it's the simple things like this that are so often overlooked.
Traditionally, people look at the infosec field as something to do about firewalls and antivirus. They treat technology as THE solution, instead of simply the enabler. And it’s this fallacy that weakens any security implementation. Security is a process, not a product… and should be treated as such. Through the security lifecycle, policy and procedure needs to take precedence over implementation. It’s a bigger part of the circle for a reason.
Overall, this is a concise, well thought out, and well written security article, and is definitely a must-read.