Tripwire’s State of Security blog has an excellent article highlighting 15 information security myths. They include:
1. Product X will solve all our security problems.
“Almost all of the customers I work with will spend much more on technology than they do on people. More often than not the spend on technology is on complex expert systems that require specialist knowledge to deploy and maintain. While it’s possible to send people on a product specific course there’s often very little knowledge sharing after the event and I’ve yet to see anywhere that pays more than lip service to retaining people a while after that investment.” – Steve Lord (@SteveLord)
2. But we’re so young.
“We are getting pretty good at fooling ourselves that we are a young industry and most of our faults and mistakes should be forgiven on that premise alone. I don’t agree with that view because, and here comes the surprise, almost everything we do, or very similar stuff, has been done before in other fields. There is a wealth of knowledge to be soaked up and applied inside our little bubble from disciplines like law, medicine, psychology, linguistics and so many more! What I would recommend to anybody in information security is to study those disciplines and apply the awesome stuff in our own little realm. Let’s not reinvent the wheel but perfect one that already exists and make it fit our broken vehicle.” – Wim Remes (@WimRemes)
3. We can control our users
“Bring Your own Device (BYoD) really has shown that in the majority of cases one cannot control and it is far better that instead of trying to control the tide to use it for your own purpose. I.e. in BYoD losing control of the device but gaining better control of the data is a win / win scenario, the user gets what they want and infosec loses control of something that they didn’t want, the hardware asset, all the while gaining control of what is really important, the data.” – Quentyn Taylor (@quentynblog)
For the full list of items, click through to the Tripwire article.
15 Myths About Information Security | Tripwire: State of Security