Making the world a safer place

Myth #8: Security is too expensive

Let’s not kid ourselves – security isn’t cheap.  We have to buy hardware, and software, and staff, and training and auditors, and in each case somebody is putting their hand in your pocket and taking their cut.  But that’s not what this is about.  The myth is that it’s too expensive, that it doesn’t add…

Myth #7: A security review is just an audit

Here’s the thought process behind this myth: security is just risk management; risk management underpins compliance; compliance is driven by audit; audit is well understood. There are many well-defined and accepted audit methodologies for areas such as finance (SOX, SAS 70), process (COBIT) and security (ISO 27001). Therefore any competent auditor, with an appropriate…

Myth #6: We have good physical security

We have good physical security implemented by guards, guns and gates. All systems are in secure server rooms, located at secure sites, and since the bad guys can’t get to them, they can’t attack them. This myth presupposes good firewalls, so let’s assume that attack from outside is too difficult. Do organisations really have as…

Myth #5: It’s too risky to patch

I can’t count the number of times I’ve been told by a client that it’s too risky to patch. The justifications are varied, but they usually fall into one of these general categories: (a) we can’t afford any downtime; (b) it’s a legacy system; (c) patches have been known to cause problems; or (d) our…
