Worst practices: Security incidents to avoid

Infosec professionals are certainly aware of best practices such as employee awareness training, proper firewall configuration and data encryption, to name just a few. Perhaps the “worst practices” in information security are the best practices that are either dropped or not followed.

Frequently, after a company has paid a security staff to identify vulnerabilities, develop appropriate policies and roll out plans to address security risks, someone comes along and decides one or more of the following:

  • They don’t apply to me.
  • They don’t apply to my department.
  • They are too burdensome to follow.

And it’s not just companies that are guilty of this. Here are a few true security stories that prove my point:

Webpage Brought to you by Pradheep Manohara (MSc IT Security)