Actually, to anyone in the business, these should be pretty obvious.
Of course, I read about this article on Slashdot, but the Six Dumbest Computer Security Ideas is still worth checking out. I say "still" because getting computer security advice from Slashdot is like getting advice about home alarm systems in the waiting room at a prison. The "real" crooks are somewhere else, but everyone claims they "know someone" and, therefore, have insight. Still, the article is pretty good.
I'm not sure that I agree with point five, "Educating Users". I still think that's a good idea, but I sure wouldn't rely on it, mainly because so many users don't want to be educated about computer security. And, I have to admit feeling a little conflicted about some of the issues raised in point four, "Hacking is cool". Sure, I don't think we should glamorize hacking so much, but how else am I going to know that my security works if I don't do penetration testing on it? It's like a backup, as far as I'm concerned. Until I've restored data (i.e., tested my backup scheme), I don't know that it's working. Same thing for my security scheme. Of course, spending a lot of time perfecting those penetration skills probably isn't the best idea, either.
Anyway, it's a good article and worth the read if you do any of this at all in your job. Pay close attention to the "Minor Dumbs" at the end, too.