This presentation will cover how ‘bad ideas’ in security continue to perpetuate themselves. John Strand will cover some current ‘bad ideas’ in security (that are actual compliance requirements) and will focus on what companies should be doing to stop actual attacks. He will review the Atomic Controls, a new set of 11 controls that every organisation should focus on before anything else.