Gartner reveals top 10 IT security myths

Ellen Messmer | June 12, 2013
Gartner analyst says "misperceptions" can wreck best-laid IT security plans

Cure: Methodical risk analysis and prioritization, multi-year security plan

Myth #9: "Let's get the policy in place and we are good to go"
Cause: Wishful thinking

Cure: Establish management responsibility and pick your battles carefully

Myth #10: "Encryption is the best way to keep your sensitive files safe"
Cause: When encryption works, it works brilliantly. But it can cause more harm than good when there are naïve expectations about a difficult technology; sometimes it's a "search for the Holy Grail" or "magic bullets" to shoot down regulatory concerns.

Cure: Ensure you have solid experience in cryptography before making decisions

In closing, Heiser pointed out that many of these myths arise from the human propensity to overreact in unfamiliar situations or from the common organizational bent to pass the blame to someone else. "Buck passing characterizes bureaucratic risk management," Heiser noted. He said that "there's no reason the CISO should just sit there and accept all those hot potatoes," especially when employees are loading up on consumer computing technologies.

 
