Any sufficiently complex field has a collection of myths associated with it. They appear to be a normal part of the expansion of the knowledge base, where a premise is put forward, evaluated, and either accepted or discarded. Myths can be thought of as the fuel for the scientific method.
However, some myths seem to be cherished even when provably false. This is true in the individual fields of information technology, psychology and law, and when these fields are put together into the field of information security, the myths can be more pervasive and harder to dispel.
In this series we’ve distilled the feedback we’ve had from 10 years of client conversations, and come up with the top 10 myths in information security.
Like all myths, some will be busted, some are plausible, and a few even confirmed.

Top 10 Information Security Myths
Myth #1: No-one will attack us
Myth #2: We've outsourced our security
Myth #3: We have the best hardware
Myth #4: We comply with PCI DSS
Myth #5: It’s too risky to patch
Myth #6: We have good physical security
Myth #7: A security review is just an audit
Myth #8: Security is too expensive
Myth #9: We trust our staff
Myth #10: We have a security plan
Phil Kernick, Chief Technology Officer
@philkernick www.cqr.com