How to Suck at Information Security

Lenny Zeltser from dshield has posted an amusing list of ways to suck at information security, broken up
into the following categories:

  • Security Policy and Compliance
  • Security Tools
  • Risk Management
  • Security Practices
  • Password Management

Here's a snippet:

"Security Tools

  • Deploy a security product out of the box without tuning it.
  • Tune the IDS to be too noisy, or too quiet.
  • Buy security products without considering the maintenance and implementation costs.
  • Rely on anti-virus and firewall products without having additional controls.
  • Run regular vulnerability scans, but don’t follow through on the results."
Read the list: http://isc.sans.org/diary.html?storyid=5644