In big outsourcing offices there are lots of security policies, and most of them are stupid enough. Don't you think so?
On my current job there is policy to change passwords every 3 weeks. What for? My first password was something like "R00mpel$htit$hen", while all the next password are "Anykey1", "Anykey2", ..., "AnykeyN". Same for all guys in my team. So, is office security much stronger now?