bill - 2:15 am on Jul 23, 2009 (gmt 0)
1. Don't be afraid to suspend accounts that present a risk to you and your users.
2. Doing one thing right doesn't make you good at -- does not even mean you understand -- security.
3. Single sign-on should be limited.
4. Sensitive information must be stored internally.
5. Access control must be implemented.
6. Web-based password reset schemes are not appropriate for a corporate environment.
7. Implement misuse and abuse detection.
8. Security must be proactive.
9. You must control your own forensics data.
10. Social networking can cripple an organization.
11. If an idiot can do this, what will a savvy criminal be capable of?
An interesting article I just came across that outlines some more points:
Opinion: Top 11 things to learn from Twitter security [computerworld.com]