SlideShare a Scribd company logo

Choose your Security battles wisely

Spark Security
Spark Security

Winning over management to support security measures requires tact, preparation -- and a willingness to surrender - Based on https://www.infoworld.com/article/2626730/security/choose-your-security-battles-wisely.html

Technology
1 of 3
Download to read offline
Choose your security battles wisely Winning over management to support security measures requires tact, preparation - and a willingness to surrender Roger Grimes We IT security people have chosen a career in which we know that no matter how hard we strive, we will never win. We have to be perfect; the bad guys only have to be persistent. We can only defend against what we know and have seen; they are free to develop new attack methods at will. We have to accept that we'll spend our careers doing the best job we can -- and we'll still lose. The losses we suffer aren't only to the bad guys. Most new computer- security people aren't prepared for how often they will fight against own company -- and lose. Proactive security people are often seen as anti-business, when the truth is they care very much about the business. I always say that a little tension between the computer security department and the business revenue-generating departments is a good thing. It means both parties are doing their jobs. I'm quite familiar with overzealous computer security people who seem determined to undermine their own careers by escalating every security pushback into war against the establishment. Every lowered security mitigation, in their mind, exposes their organizations to financial ruin -- and makes them a laughingstock in the press. History is replete with examples of people who either muffled their good opinion or saw it ignored, then watched their companies go from billion-dollar leaders to bankrupt in a day. The staff accountant at Enron, the Wall Street power brokers pushing high-risk, worthless financial instruments, or more recently, the BP engineers who watched supervisors falsify safety valve tests are certainly in this group. I bet that senior management -- and investors -- wish
that knowledgeable people had spoken up louder or that their warnings had been heeded. The problem is, too many security people that feel this way about every issue and end up alienating even their biggest, earliest supporters. In reality, if you want to move ahead in a company, there's no better way than to shut up and do what you're told. Fighting back against management is one of the quickest ways to shorten your career trajectory. So when is it time to stand strong on principal in the face of oppressive pressures and how should you do it? It's a fine balancing act. The keys to being a good advocate for your employer are appropriateness, attitude, preparation, and phrasing. The following are some key strategies. Wage wars sparingly. Most of the time the arguments being made by the well- intentioned security folks are technically correct, but in reality, the dangers they cite don't expose the company to much additional risk. For example, I frequently see security engineers writing heated emails over a weakness in the SSL protocol, flimsy password hashes, or unencrypted network connections. All of these things are something to be worried about and could lead to confidential information loss, but it's hard to be worried about those sorts of risks when there are probably a hundred other bigger risks they should be worrying about, including social engineering, fake Trojan programs, and insufficient patching. Realize that most of the big risks you could worry about probably aren't mission-critical in the larger context. Argue against management sparingly. Prepare for the debate. Research the facts of the potential risk and know them better than your adversaries. Be ready for the discussions. Know your adversaries' positions and facts and look for weaknesses. Ahead of time, argue internally against your own facts, to try and find weaknesses, mitigations, and additional problems. The world's best scientists often argued more effectively against themselves than could their adversaries -- Albert Einstein, for example - - and it made them better.
Avoid hyperbole. It's easy to be emotional when you see the company making a big mistake, but you must remove that emotion (most of the time) to be taken seriously by senior management. Don't say things like, "This will absolutely lead to a compromise," or "The company will end up losing tens of millions of dollars a day," or "Our customers will drop like flies." Instead, talk about increased risk and increased likelihood. The truth is that you can't predict the future. Many companies have made poor security decisions but got away without any damages due to luck. Better still, research the risks and the benefits of a particular decision and try to put each into empirical dollars and percentages. Sometimes you won't be able to find hard numbers and will only be able to say something in general, such as, "This will significantly increase the risk of compromise." But if you can put real dollar figures or likelihood of occurrence, it will have greater impact. Never (or very rarely) go above your boss's head. Every time I've seen this done, it has resulted in negative consequences for the well-meaning employee. Management tends to stick together, and violating this often implied protocol could be disastrous to your career. If you are absolutely convinced that your boss is ignoring huge consequences, approach HR or another friendly management person and ask how to handle the situations. Make your best reasonable argument with facts and without emotion. Be prepared to lose the battle -- just make sure your concerns are well documented and that you are trying your best to be an advocate for the company's interest. If they don't act on your idea, let it go. It's out of your control, and it's just another fact of the career of a computer security person. Don't drive yourself insane, and keep fighting the good fight. Fonte: http://www.infoworld.com/d/security-central/choose-your-security-battles- wisely-076?page=0,0 – Acesso em 10 de agosto de 2010

Recommended

OWU2
OWU2OWU2
OWU2
Kimberly Zannotti
 
Lesson plan
Lesson planLesson plan
Lesson plan
s1100756
 
Bagian-Bagian Motherboard
Bagian-Bagian MotherboardBagian-Bagian Motherboard
Bagian-Bagian Motherboard
Eko Kdh Teoritis
 
Seo
SeoSeo
Seo
Alicia Velázquez
 
Logan fry
Logan fryLogan fry
Logan fry
loganfry
 
Colour scheme ideas
Colour scheme ideasColour scheme ideas
Colour scheme ideas
Megan Thornton
 
Cv 2016
Cv 2016Cv 2016
Cv 2016
John Daridson Domingo
 
Standout Subject Lines
Standout Subject LinesStandout Subject Lines
Standout Subject Lines
Sandra Flores Business Solutionist
 

Recommended

OWU2
OWU2OWU2
OWU2
Kimberly Zannotti
 
Lesson plan
Lesson planLesson plan
Lesson plan
s1100756
 
Bagian-Bagian Motherboard
Bagian-Bagian MotherboardBagian-Bagian Motherboard
Bagian-Bagian Motherboard
Eko Kdh Teoritis
 
Seo
SeoSeo
Seo
Alicia Velázquez
 
Logan fry
Logan fryLogan fry
Logan fry
loganfry
 
Colour scheme ideas
Colour scheme ideasColour scheme ideas
Colour scheme ideas
Megan Thornton
 
Cv 2016
Cv 2016Cv 2016
Cv 2016
John Daridson Domingo
 
Standout Subject Lines
Standout Subject LinesStandout Subject Lines
Standout Subject Lines
Sandra Flores Business Solutionist
 
Panorama de Segurança na Internet das Coisas
Panorama de Segurança na Internet das CoisasPanorama de Segurança na Internet das Coisas
Panorama de Segurança na Internet das Coisas
Spark Security
 
Deep Web 101 – Vasculhando as profundezas da Internet
Deep Web 101 – Vasculhando as profundezas da InternetDeep Web 101 – Vasculhando as profundezas da Internet
Deep Web 101 – Vasculhando as profundezas da Internet
Spark Security
 
História, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos EsteganográficosHistória, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos Esteganográficos
Spark Security
 
Artigo Científico - Classificação de Técnicas Esteganográficas
Artigo Científico - Classificação de Técnicas EsteganográficasArtigo Científico - Classificação de Técnicas Esteganográficas
Artigo Científico - Classificação de Técnicas Esteganográficas
Spark Security
 
Classificação de Algoritmos Esteganográficos
Classificação de Algoritmos EsteganográficosClassificação de Algoritmos Esteganográficos
Classificação de Algoritmos Esteganográficos
Spark Security
 
Gestão de Risco e Segurança Hospitalar
Gestão de Risco e Segurança HospitalarGestão de Risco e Segurança Hospitalar
Gestão de Risco e Segurança Hospitalar
Spark Security
 
Resposta a Incidentes de Segurança com ferramentas SIEM
Resposta a Incidentes de Segurança com ferramentas SIEMResposta a Incidentes de Segurança com ferramentas SIEM
Resposta a Incidentes de Segurança com ferramentas SIEM
Spark Security
 
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
Spark Security
 
A2 - Aspectos Psicológicos - The Psychology of Security
A2 - Aspectos Psicológicos - The Psychology of SecurityA2 - Aspectos Psicológicos - The Psychology of Security
A2 - Aspectos Psicológicos - The Psychology of Security
Spark Security
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
Spark Security
 
Estratégias para Modelagem de Ameaças
Estratégias para Modelagem de AmeaçasEstratégias para Modelagem de Ameaças
Estratégias para Modelagem de Ameaças
Spark Security
 
Porque a Criptografia é mais difícil do que parece?
Porque a Criptografia é mais difícil do que parece? Porque a Criptografia é mais difícil do que parece?
Porque a Criptografia é mais difícil do que parece?
Spark Security
 
The Psychology Behind Security - ISSA Journal Abril 2010
The Psychology Behind Security - ISSA Journal Abril 2010The Psychology Behind Security - ISSA Journal Abril 2010
The Psychology Behind Security - ISSA Journal Abril 2010
Spark Security
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
FIDO Alliance
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
BrainSell Technologies
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
yogeshlabana357357
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
FIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
Ivanti
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
Patrick Viafore
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
Pixlogix Infotech
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
IES VE
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
Samy Fodil
 

More Related Content

More from Spark Security

História, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos EsteganográficosHistória, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos Esteganográficos
Spark Security
 

More from Spark Security (13)

Panorama de Segurança na Internet das Coisas
Panorama de Segurança na Internet das CoisasPanorama de Segurança na Internet das Coisas
Panorama de Segurança na Internet das Coisas
 
Deep Web 101 – Vasculhando as profundezas da Internet
Deep Web 101 – Vasculhando as profundezas da InternetDeep Web 101 – Vasculhando as profundezas da Internet
Deep Web 101 – Vasculhando as profundezas da Internet
 
História, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos EsteganográficosHistória, Técnica e Classificação de Algoritmos Esteganográficos
História, Técnica e Classificação de Algoritmos Esteganográficos
 
Artigo Científico - Classificação de Técnicas Esteganográficas
Artigo Científico - Classificação de Técnicas EsteganográficasArtigo Científico - Classificação de Técnicas Esteganográficas
Artigo Científico - Classificação de Técnicas Esteganográficas
 
Classificação de Algoritmos Esteganográficos
Classificação de Algoritmos EsteganográficosClassificação de Algoritmos Esteganográficos
Classificação de Algoritmos Esteganográficos
 
Gestão de Risco e Segurança Hospitalar
Gestão de Risco e Segurança HospitalarGestão de Risco e Segurança Hospitalar
Gestão de Risco e Segurança Hospitalar
 
Resposta a Incidentes de Segurança com ferramentas SIEM
Resposta a Incidentes de Segurança com ferramentas SIEMResposta a Incidentes de Segurança com ferramentas SIEM
Resposta a Incidentes de Segurança com ferramentas SIEM
 
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
A3 - Análise de ameaças - Threat analysis in goal oriented security requireme...
 
A2 - Aspectos Psicológicos - The Psychology of Security
A2 - Aspectos Psicológicos - The Psychology of SecurityA2 - Aspectos Psicológicos - The Psychology of Security
A2 - Aspectos Psicológicos - The Psychology of Security
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Estratégias para Modelagem de Ameaças
Estratégias para Modelagem de AmeaçasEstratégias para Modelagem de Ameaças
Estratégias para Modelagem de Ameaças
 
Porque a Criptografia é mais difícil do que parece?
Porque a Criptografia é mais difícil do que parece? Porque a Criptografia é mais difícil do que parece?
Porque a Criptografia é mais difícil do que parece?
 
The Psychology Behind Security - ISSA Journal Abril 2010
The Psychology Behind Security - ISSA Journal Abril 2010The Psychology Behind Security - ISSA Journal Abril 2010
The Psychology Behind Security - ISSA Journal Abril 2010
 

Recently uploaded

How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
Srushith Repakula
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 

Recently uploaded (20)

ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 

Choose your Security battles wisely

  • 1. Choose your security battles wisely Winning over management to support security measures requires tact, preparation - and a willingness to surrender Roger Grimes We IT security people have chosen a career in which we know that no matter how hard we strive, we will never win. We have to be perfect; the bad guys only have to be persistent. We can only defend against what we know and have seen; they are free to develop new attack methods at will. We have to accept that we'll spend our careers doing the best job we can -- and we'll still lose. The losses we suffer aren't only to the bad guys. Most new computer- security people aren't prepared for how often they will fight against own company -- and lose. Proactive security people are often seen as anti-business, when the truth is they care very much about the business. I always say that a little tension between the computer security department and the business revenue-generating departments is a good thing. It means both parties are doing their jobs. I'm quite familiar with overzealous computer security people who seem determined to undermine their own careers by escalating every security pushback into war against the establishment. Every lowered security mitigation, in their mind, exposes their organizations to financial ruin -- and makes them a laughingstock in the press. History is replete with examples of people who either muffled their good opinion or saw it ignored, then watched their companies go from billion-dollar leaders to bankrupt in a day. The staff accountant at Enron, the Wall Street power brokers pushing high-risk, worthless financial instruments, or more recently, the BP engineers who watched supervisors falsify safety valve tests are certainly in this group. I bet that senior management -- and investors -- wish
  • 2. that knowledgeable people had spoken up louder or that their warnings had been heeded. The problem is, too many security people that feel this way about every issue and end up alienating even their biggest, earliest supporters. In reality, if you want to move ahead in a company, there's no better way than to shut up and do what you're told. Fighting back against management is one of the quickest ways to shorten your career trajectory. So when is it time to stand strong on principal in the face of oppressive pressures and how should you do it? It's a fine balancing act. The keys to being a good advocate for your employer are appropriateness, attitude, preparation, and phrasing. The following are some key strategies. Wage wars sparingly. Most of the time the arguments being made by the well- intentioned security folks are technically correct, but in reality, the dangers they cite don't expose the company to much additional risk. For example, I frequently see security engineers writing heated emails over a weakness in the SSL protocol, flimsy password hashes, or unencrypted network connections. All of these things are something to be worried about and could lead to confidential information loss, but it's hard to be worried about those sorts of risks when there are probably a hundred other bigger risks they should be worrying about, including social engineering, fake Trojan programs, and insufficient patching. Realize that most of the big risks you could worry about probably aren't mission-critical in the larger context. Argue against management sparingly. Prepare for the debate. Research the facts of the potential risk and know them better than your adversaries. Be ready for the discussions. Know your adversaries' positions and facts and look for weaknesses. Ahead of time, argue internally against your own facts, to try and find weaknesses, mitigations, and additional problems. The world's best scientists often argued more effectively against themselves than could their adversaries -- Albert Einstein, for example - - and it made them better.
  • 3. Avoid hyperbole. It's easy to be emotional when you see the company making a big mistake, but you must remove that emotion (most of the time) to be taken seriously by senior management. Don't say things like, "This will absolutely lead to a compromise," or "The company will end up losing tens of millions of dollars a day," or "Our customers will drop like flies." Instead, talk about increased risk and increased likelihood. The truth is that you can't predict the future. Many companies have made poor security decisions but got away without any damages due to luck. Better still, research the risks and the benefits of a particular decision and try to put each into empirical dollars and percentages. Sometimes you won't be able to find hard numbers and will only be able to say something in general, such as, "This will significantly increase the risk of compromise." But if you can put real dollar figures or likelihood of occurrence, it will have greater impact. Never (or very rarely) go above your boss's head. Every time I've seen this done, it has resulted in negative consequences for the well-meaning employee. Management tends to stick together, and violating this often implied protocol could be disastrous to your career. If you are absolutely convinced that your boss is ignoring huge consequences, approach HR or another friendly management person and ask how to handle the situations. Make your best reasonable argument with facts and without emotion. Be prepared to lose the battle -- just make sure your concerns are well documented and that you are trying your best to be an advocate for the company's interest. If they don't act on your idea, let it go. It's out of your control, and it's just another fact of the career of a computer security person. Don't drive yourself insane, and keep fighting the good fight. Fonte: http://www.infoworld.com/d/security-central/choose-your-security-battles- wisely-076?page=0,0 – Acesso em 10 de agosto de 2010