« Crafting a Security RFP | Main | Oracle to issue 41 patches on January 13th »

How to Suck at Information Security

Lenny Zeltser from dshield has posted an amusing list of ways to suck at information security broken up
in the following categories.

- Security Policy and Compliance
Security Tools
Risk Management
Security Practices
Password Management

Here's a snippet

"Security Tools

  • Deploy a security product out of the box without tuning it.
  • Tune the IDS to be too noisy, or too quiet.
  • Buy security products without considering the maintenance and implementation costs.
  • Rely on anti-virus and firewall products without having additional controls.
  • Run regular vulnerability scans, but don’t follow through on the results."

Read the list: http://isc.sans.org/diary.html?storyid=5644


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Post a comment

Remember personal info?