How To Suck At Information Security

wiedzmin writes "Great entry in today's SANS Internet Storm Center Handler's Diary — How to suck at Information Security. Some of my favorite points include: 'Assume the users will read the security policy because you've asked them to. Assume that policies don't apply to executives. Make someone responsible for managing risk, but don't give the person any power to make decisions. Expect end-users to forgo convenience in place of security. Hire somebody just because he or she has a lot of certifications. Expect your users to remember passwords without writing them down.' Very entertaining and informative read with a total of about four dozen points. Now if I could only find a way to get management to read it." There's also a one-page PDF on the author's site.
  • Typo? (Score:3, Informative)

    by Jack9 ( 11421 ) on Saturday January 17, 2009 @03:24PM (#26499159)

    Security:

    * Focus on widgets, while omitting to consider the importance of maintaining accountability.

    Can someone clarify?

  • Re:Typo? (Score:5, Informative)

    by mpapet ( 761907 ) on Saturday January 17, 2009 @03:46PM (#26499331) Homepage

    * Focus on widgets, while omitting to consider the importance of maintaining accountability.

    This basically means having lots of things for admins to click on and make reports with. None of which actually improve security. IE7's "security" features and Microsoft's UAC are two good examples.

  • by m95lah ( 55920 ) on Saturday January 17, 2009 @03:56PM (#26499437)

    Wow: airing an idea about click-through EULAs on ./

    Are you by any chance doing field trials for fireproof pants?

  • by V!NCENT ( 1105021 ) on Saturday January 17, 2009 @06:46PM (#26500907)

    Indeed! A team of IT admins should just lay down a system that doesn't allow it to be used otherwise. Just encrypt all information on any device and computer and give the boss the password on a piece of paper. Make sure all newly bought IT devices pass through the IT department before they get into anyone's hands in order to 'prepare all technology for safe and secure use'. Take care of the rest of all the problems the same way. Now get some superior/boss to allow you to set up an IT helpdesk 'in order to increase efficiency and security and speed up the problem solving process'. After that's done you'll inform the IT helpdesk personnel of everything they need to know on how to 'help users in fixing computer issues' *cough*how to change their password so they can log in again after four months*cough*.

    If you feel so smart and intelligent then find a smart and intelligent way of dealing with 'dumb' issues.
