Yesterday, a Gartner analyst revealed a top 10 list of IT Security 'misperceptions' or myths as well as what they believe is the cure for all 10. (Networkworld posted the full article here.) They are as follows:
1. It won't happen to me.
2. Infosec budgets are 10% of IT spend.
3. Security risks can be quantified.
4. We have physical security (or SSL) so we know your data is safe.
5. Password expiration and complexity reduces risk.
6. Moving the CISO outside of IT will automatically ensure good security.
7. Adhering to security practices is the CISO's problem.
8. Buy this 'tool' and it will solve all of your problems.
9. Let's get the policy in place and we are good to go.
10. Encryption is the best way to keep your sensitive files safe.
As an internet and endpoint security company, we have our own myths and cures based on our studies and analyses. I wanted to post this list from Gartner to see what all you IT pros out there think. Do you agree with all of these myths and cures? Some of them? None?
(Source: Gartner)
