What security problems are you finding most difficult right now?

I'm trying to avoid the tendancy of assuming that I know the pain you're going through when it comes to applying effective security techniques to your environment and/or that of your customers/clients. What I'm asking for hear is a reality check in the form of feedback to this post listing the things you think we could help you with more - be as specific as you can.

I speak to quite a few people at events and communicate with many others online but every time I do so I hear of different views on how to solve common problems.

How do you get on with security policy for example. I often present on how to make sure information security policies are useful, up to date and relevant to users. Does your information security policy make sense to your users? If not what stops you making it so.

Let me know what you think - I'll research answers from the team and post some suggestions.