IT Security Myths

IT World Canada Staff
Published: August 9th, 2013
    • Security Myth #1: More security is always better

      Bruce Schneier, security expert and author of ‘Liars and Outliers’: ‘More security isn’t necessarily better. First, security is always a trade-off, and sometimes security costs more than it’s worth. For example, it’s not worth spending $100,000 to protect a donut.’


    • Security Myth #2: The DDoS problem is bandwidth-oriented

      Carl Herberger, vice president of security solutions at Radware: It’s an “urban myth” that distributed denial of service attacks would just “go away with more bandwidth.” Over half of DDoS attacks are not characterized by bandwidth at all but are application-oriented. Only a quarter of DDoS attacks are mitigated by adding bandwidth.


    • Security Myth #3: Regular expiration (typically every 90 days) strengthens password systems

      Ari Juels, chief scientist, RSA: “In fact, recent research suggests that regular password expiration may not be useful,” and that if an organization is going to expire passwords, “it should do so on a random schedule, not a fixed one.”


    • Security Myth #4: You can rely on the wisdom of the crowds

      Bill Bolt, vice president of information technology for the Phoenix Suns basketball team: Employees claim lots of people they know are telling them about a new virus or other imminent threat, but upon investigation, these notions don’t pan out.


    • Security Myth #5: Client-side virtualization will solve the security problems of ‘Bring Your Own Device’

      John Pescatore, Gartner analyst: The idea of the ‘work’ virtual machine and the ‘personal’ virtual machine for BYOD is going to be “a big waste of money.” The NSA tried this years ago with VMware for intelligence use with VMs for Secret, Top Secret and so on, and it wasn’t practical then and it’s not practical now.


    • Security Myth #6: “IT should encourage users to use completely random passwords to increase password strength and they should require passwords to be changed at least every 30 days.”

      Kevin Haley, director, Symantec Security Response: This has “disadvantages” because completely random passwords are “usually difficult to remember” and a better alternative is often to create strong passwords formulated as an easy-to-remember phrase.


    • Security Myth #7: Any computer virus will produce a visible symptom on the screen

      David Perry, president of G Data Software North America: The typical “man in the street” believes a virus will be visible in the computer, showing “files melting away” and the like. “And the lack of visible trouble means that a system is obviously malware-free.”


  •  Alan Brill, senior managing director for the cyber security and information assurance practice at Kroll: “Mostly I hear it from victims” and “they are usually wrong.”


    • Security Myth #9: Software today isn’t any better than it used to be in terms of security holes

      Gary McGraw, chief technology officer at Cigital: “We have gotten way better” and the “density ratio is going down” because of safe-coding practices in comparison to decades past. It’s just that there is “so much more software code being written.”


    • Security Myth #10: Sensitive information transfer via SSL session is secure

      Rainer Enders, CTO, Americas, NCP engineering: There are a lot of doubts about SSL session security based on both real-world incidents and research. The best assurance would be “never use the same key stream to encrypt two different documents.”


    • Security Myth #11: Endpoint security software is a commodity product

      Jon Oltsik, analyst at Enterprise Strategy Group: The majority of enterprise security professionals apparently agree with this statement about endpoint security products, but it’s not true because products “are vastly different in terms of level of protection and feature/functionality” and most organizations aren’t even aware of what they have.


    • Security Myth #12: Sure, we have a firewall on our network, of course we’re protected!

      Kevin Butler, information technology security analyst at the University of Arkansas for Medical Sciences: The myth that “a properly configured firewall will protect you from all threats” overlooks the fact that “nothing says hello like malicious content encapsulated over an SSL connection infecting your workstations.”

