http://www.infoworld.com/d/security/3-security-mistakes-your-management-making-now-201624

By Roger A. Grimes
InfoWorld
SEPTEMBER 05, 2012

One of the joys of being a traveling consultant is I get to see what does and doesn't work across a wide range of products and companies. Guess what? The same issues pop up again and again.

Here are the three most common big mistakes I see senior management make regarding computer security. Some are errors of omission, others of commission. All of them tend to have severe consequences.

Buying vendor hype without testing

Almost every computer security product promises the world: Zero false positives! 100 percent accuracy! Hackers banished forever! Those of us in the field know such claims can't be met -- at least not in any practical way. The cost would be impossibly high.

For antimalware software to reliably detect 100 percent of all malicious apps, for example, it would take the product 10 times longer to scan, it would slow down your system even more than it already does, and you'd have to put up with an incredible number of false positives. The accuracy level today seems to be the best we can get without reducing our PCs to a crawl and generating excessive false alerts.

[...]

Received on Thu Sep 06 2012 - 01:46:55 PDT