Security is a process that should be continually reviewed.
Organizations should consider the tradeoff between security and convenience when designing a security policy.
User education is critical for a secure environment.
Security audits enable you to monitor security environments in order to revise security policies as needed.
The Open Group, "Common Security: CDSA and CSSM, Version 2": www.opengroup.org/publications/catalog/c914.htm