How to Suck at Information Security

Topics

Tags

Favorite Links

Translate

Security Books

Archives

Recent entries...

Announcing SecTemplates.com release #4: Vulnerability Management Program Release Pack 1.0

Announcing SecTemplates.com release #3: Bug bounty program pack 1.0

Announcing SecTemplates.com release #2: External penetration testing program pack 1.0

Announcing SecTemplates.com and the incident response program pack 1.0

20 years of CGISecurity: What appsec looked like in the year 2000

My experience coleading purple team

oAuth nightmares talk

Extensive IOS hacking guide released by Security Innovation

Presentation: Problems you'll face when building a software security program

Google's intentions are good, but implementation leave MORE users vulnerable to hacking than before

Twitter

Sponsored Ads

Sponsored Ads

The Web Security Mailing List

« Crafting a Security RFP | Main | Oracle to issue 41 patches on January 13th »

How to Suck at Information Security

Lenny Zeltser from dshield has posted an amusing list of ways to suck at information security broken up
in the following categories.

- Security Policy and Compliance
- Security Tools
- Risk Management
- Security Practices
- Password Management

Here's a snippet

"Security Tools

Deploy a security product out of the box without tuning it.
Tune the IDS to be too noisy, or too quiet.
Buy security products without considering the maintenance and implementation costs.
Rely on anti-virus and firewall products without having additional controls.
Run regular vulnerability scans, but don’t follow through on the results."

Read the list: http://isc.sans.org/diary.html?storyid=5644

Posted by Robert A. on 01/09/2009 in Funny | Permalink | Reddit

Comments

You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Post a comment