Roger Grimes: Without paperwork, you don’t get any real security. Documenting and enforcing policies and controls is necessary for us to apply all the good advice in our heads. SANS recently released its top 20 Critical Security Controls for review. Each control has many specific “quick win” recommendations. Some are more detailed than others, but they all should be part of any computer security defense. The technical pros are the fiefs and knights, says Grimes. The best security possible across a large number of computers won’t last long.”]