Information Security News mailing list archives

3 security mistakes your management is making now


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 6 Sep 2012 03:46:55 -0500 (CDT)

http://www.infoworld.com/d/security/3-security-mistakes-your-management-making-now-201624

By Roger A. Grimes
InfoWorld
SEPTEMBER 05, 2012

One of the joys of being a traveling consultant is I get to see what does and doesn't work across a wide range of products and companies. Guess what? The same issues pop up again and again.

Here are the three most common big mistakes I see senior management make regarding computer security. Some are errors of omission, others of commission. All of them tend to have severe consequences.


Buying vendor hype without testing

Almost every computer security product promises the world: Zero false positives! 100 percent accuracy! Hackers banished forever! Those of us in the field know such claims can't be met -- at least not in any practical way. The cost would be impossibly high.

For antimalware software to reliably detect 100 percent of all malicious apps, for example, it would take the product 10 times longer to scan, it would slow down your system even more than it already does, and you'd have to put up with an incredible number of false positives. The accuracy level today seems to be the best we can get without reducing our PCs to a crawl and generating excessive false alerts.

[...]
