A Third of Current Security Practices Useless

Dark Reading has an article reporting on a presentation Peter Tippett gave at the Computer Forensics Show in Washington DC.
He said that IT Security departments are wasting their time and a third of current security practices are useless.
Its not necessarily new thought.
It is really easy to get caught up in the patching hamster wheel.
Its easy to believe that products will solve your security problem.
A lot of security spending and effort is regulation based. Is your data more secure because users are required to have 12 character passwords that are changed every 60 days.
Is hard to get separation and look at security from new angles.