How to improve computer security:
Knowing what data and processes need to be protected.
Recognising the threats, judging possible impacts.
Calculating the risks and deciding what risks are acceptable.
Counter measures:
Developing a strategy to reduce the risk to an acceptable level, then implement, test and tune the strategy.
Developing a strategy to reduce the risk to an acceptable level, then implement, test and tune the strategy.
Keep it simple. If security is very complicated, it is unlikely to be effective and likely to be expensive.
Keep it coherent. It is better to have a minimum, coherent level of security than some systems highly protected and other dependant systems wide open.
Keep to standards if possible, it will make choosing and evaluating systems easier and will allow easier definition of inter company standards.