Cure: Methodical risk analysis and prioritization, multi-year security plan
Myth #9: "Let's get the policy in place and we are good to go"
Cause: Wishful thinking
Cure: Establish management responsibility and pick your battles carefully
Myth #10: "Encryption is the best way to keep your sensitive files safe"
Cause: When encryption works, it works brilliantly, but it can do more harm than good when expectations about a difficult technology are naïve; sometimes it becomes a "search for the Holy Grail" or a "magic bullet" to shoot down regulatory concerns
Cure: Ensure you have solid experience in cryptography before making decisions
Finally, Heiser pointed out that many of these myths arise from the human propensity to over-react in unfamiliar situations or from the common organizational tendency to pass the blame to someone else. "Buck passing characterizes bureaucratic risk management," Heiser noted. He said that "there's no reason the CISO should just sit there and accept all those hot potatoes," especially when employees are loading up on consumer computing technologies.