IT Security Myths

null Trivandrum Chapter - August 2013 Meet


  1. The biggest Information Security myths. Vishnu P, Info. Sec Analyst, EY. 9/23/2013
  2. Session covers
     • "Misperceptions" that can shatter the best implemented IT Security plans.
     • "Exaggerations" about the threats that business could face and the security technologies being used.
     • To sum up, these false assumptions add up to "security myths".
     • The 'Cause' & 'Cure' – busting.
  3. What is a myth?
  4. Myth or Fact?
  5. Myth
     • An invented or cooked-up story which doesn't have a valid basis, a proof or a description, but people believe in it.
  6. Myth: "It won't happen to me"
     • Cause:
       – Letting employees do whatever they want for cutting down the cost.
       – We're so young. So most of our faults and mistakes should be forgiven.
     • Cure:
       – Take up the responsibility to address security-related requests.
       – Make use of a security classification framework.
  7. Myth: "Security risks can be quantified"
     • Cause:
       – The "numbers-oriented culture".
       – "He who has the biggest numbers wins".
     • Cure:
       – Develop non-numeric expressions of risk.
       – Make sure the BU takes ownership of its IT-related risks.
  8. Myth: "We have physical security (or SSL) so you know your data is safe"
     • Cause:
       – Nothing but poor understanding of risk.
       – Wishful thinking.
     • Cure:
       – Ensure security purchases match data requirements.
  9. Myth: "Password expiration and complexity reduces risk"
     • Causes:
       – Passwords are not cracked. They are sniffed.
     • Cure:
       – ?
  10. Myth: "We can control our people"
     • Cause:
       – Misguided belief placed on someone.
       – BYOD
     • Cure:
       – Nothing much to do here. "Regulate"
  11. Myth: "Buy this tool <X> and it will solve all your problems"
     • Cause:
       – External search for magic solutions to difficult problems; wishful thinking again!
     • Cure:
       – Methodical risk analysis and prioritization.
       – Multi-year security plan.
  12. Myth: "Encryption is the best way to keep your sensitive files safe"
     • Cause:
       – Naïve expectations about a difficult technology.
       – "Magic bullets" to shoot down regulatory concerns.
     • Cure:
       – Ensure you have solid experience in cryptography before making decisions and jumping to conclusions.
  13. But, why these myths??
  14. Why?
     • Factors that are simply the human propensity (a natural tendency) to over-react in unfamiliar situations.
     • The common organizational bent to pass the blame to someone else.
     • Passing the buck, power politics.
  15. Wishful thinking
     • The illusion that your wishes or desires will become reality just because you desire them so much.
     • The mistaken belief that what you wish for is actually true.
  16. Thanks to
     • Matha, Pitha, Google, Dhaivam
     • Jay Heiser (Analyst, Gartner)
     • Javvad Malik (Analyst, The 451 Group)
