As some of you may know, this year's Gartner Security & Risk Management Summit is going on right now in Washington D.C.
Yesterday, a Gartner analyst revealed a top 10 list of IT Security 'misperceptions' or myths as well as what they believe is the cure for all 10. (Networkworld posted the full article here.) They are as follows:
1. It won't happen to me.
2. Infosec budgets are 10% of IT spend.
3. Security risks can be quantified.
4. We have physical security (or SSL) so we know your data is safe.
5. Password expiration and complexity reduces risk.
6. Moving the CISO outside of IT will automatically ensure good security.
7. Adhering to security practices is the CISO's problem.
8. Buy this 'tool' and it will solve all of your problems.
9. Let's get the policy in place and we are good to go.
10. Encryption is the best way to keep your sensitive files safe.
As an internet and endpoint security company, we have our own myths and cures based on our studies and analyses. I wanted to post this list from Gartner to see what all you IT pros out there think. Do you agree with all of these myths and cures? Some of them? None?
If you are really in the IT Security business then I doubt that you'd fall for nos. 8 and 9. You should really know better, and if you don't then you're obviously not the right person for the job. These are generally the people who read something and think they are immediately subject experts.