Recently, Ellen Messmer, Network World, posted an interesting article that resulted from her asking security experts, consultants, vendors and enterprise security managers to share their favorite “security myths”.
For many of our readers, who are tasked with developing risk mitigation strategies against security related threats; our staff believes that the information provided by Messmer is an interesting addition to any resource reference library on this timely and critical risk topic for many organizations today.
A quick summary of the 13 security myths presented and discussed by Messmer are as follows:
- More security is always better.
- The DDoS problem is bandwidth-oriented.
- Regular expiration (typically every 90 days) strengthens password systems.
- You can rely on the wisdom of the crowds.
- Client-side virtualization will solve the security problems of ‘bring your own device.
- IT should encourage users to use completely random passwords to increase password strength and they should also require passwords to be changed at least every 30 days.
- Any computer virus will produce a visible symptom on the screen.
- We are not a target.
- Software today isn’t any better than it used to be in terms of security holes.
- Sensitive information transfer via SSL session is secure.
- Endpoint security software is a commodity product.
- Sure, we have a firewall on our network; of course we’re protected!
- You should not upload malware samples found as part of a targeted attack to reputable malware vendors or services.
Please let our readers know your opinions, comments and perhaps additional security myths that you may have encountered recently …..
If applicable, please share this information with those information security, risk and/or crisis management and disaster preparedness team members in your organization.
Click here to view Messmer’s full article on this timely topic for all information security related professionals.