IT Security & Network Security News & Reviews: Top 10 Dumb Computer Security Notions and Myths
We'll Do Security Later
This kind of thinking is very common during a merger or an acquisition or when the company is rushing out a new product. Since systems and networks are continuously evolving and getting more complicated, it is always difficult to retrofit security at a later date. Security should be considered from the start, not afterward.
While organizations are deploying firewalls and public key cryptography and complying with various security and privacy regulations, many of them are still hanging on to certain misperceptions, "falsehoods" and approaches that don't work, Charles Pfleeger, a security consultant and principal of the Pfleeger Consulting Group, said in a keynote speech at a recent security event jointly held by Kaspersky Lab and NYU-Polytechnic University in New York City. "There are a lot of dumb ideas," Pfleeger said, noting that some of the misconceptions can be found within the security community itself. In his keynote speech, Pfleeger used construction analogies to illustrate the importance of building applications and designing IT architectures with security in mind. It's easier to build a house with electricity from the start, rather than breaking into a freshly painted wall later to install cables, Pfleeger said. IT and security professionals should learn to recognize bad ideas for what they are and counter the erroneous notions when they come across them, he said. For this slide show, eWEEK chatted with security experts to expand on Pfleeger's initial list to highlight myths and fatuous ideas that put enterprises and users at risk.