Ten ways to maintain security vigilance
2. Re-evaluate your passwords for user identification even if they appear to be working. Long passwords are better than short ones because they're harder to crack, but they are also harder for users to remember without writing them down. Look at these examples of stronger passwords: PaSsWoRd (alternating capital letters); ford6632 (common word with an easy-to-recall number); or 3lite, wr1t3m3, w1nn13 (hacker-style spelling).
3. Regulate and control your employees' Internet access and usage.
4. As part of your continuing education and awareness program, consider using custom and packaged games and simulations to help your staff experience the effects of negligent security practices.
5. Compartmentalize your internal organizations and departments through the use of access control mechanisms and intranets. Information and resource isolation increases security. Also consider using a secure e-mail system that only lets certain employees contact each other.
6. Subscribe to security-related Internet resources such as security advisories, and search key Web sites to stay current. Useful URLs include listservnetspace.org, www.ntbugtraq.com, www.infowar.com and www.techbroker.com.
7. Promptly install and use every operating system, application patch and service kit the vendor releases. Double-check to ensure the new software doesn't negatively affect other systems.
8. Create a group within your company that functions like the Computer Emergency Response Team (CERT), which has become a general term for a group of experts who lead the company through catastrophic computer and network problems. Coordinate with CERTs from your industry around the world to maintain global vigilance.
9. Update and review users' rights in the access control lists. Review and limit access on a periodic basis to keep security controls screwed down tight.
10. Treat security as a process instead of a product. Security implementation isn't a single milestone to check off on a Gantt chart and be done with. Develop an internal security process that reflects your changing business needs.
Copyright, 1995-2001 Network World, Inc. All rights reserved.