So You Failed a Security Audit, Now What?

Confronting your management team with news that your company failed a security audit or assessment may seem embarrassing, but experts say it's not uncommon. Even major organizations have poor records when it comes to computer security -- federal agencies such as the Departments of Commerce, Defense, State and Treasury have repeatedly failed their annual audits, while the Department of Homeland Security improved its efforts slightly, and earned a D this year.

Aside from the obvious irony, it's also an indication of the complexity of security in large organizations. The largest, most popular companies are also the greatest targets for hacks and intrusions -- look at the phishing scams targeting eBay or PayPal, or the code vulnerabilities in Microsoft applications or Oracle systems.