This cheat sheet presents common information security mistakes, so you can avoid making them.
Ignore regulatory compliance requirements.
Assume the users will read the security policy because you’ve asked them to.
Use security templates without customizing them.
Jump into a full-blown adoption of frameworks such as ISO 27001/27002 before you’re ready.
Create security policies you cannot enforce.
Enforce policies that are not properly approved.
Blindly follow compliance requirements without creating overall security architecture.
Create a security policy just to mark a checkbox.
Pay someone to write your security policy without any knowledge of your business or processes.
Translate policies in a multi-language environment without consistent meaning across the languages.
Make sure none of the employees finds the policies.
Assume that if the policies worked for you last year, they’ll be valid for the next year.
Assume that being compliant means you’re secure.
Assume that policies don’t apply to executives.
Hide from the auditors.
Deploy a security product out of the box without tuning it.
Tune the IDS to be too noisy, or too quiet.
Buy security products without considering the maintenance and implementation costs.
Rely on anti-virus and firewall products without having additional controls.
Run regular vulnerability scans, but don’t follow through on the results.
Let your anti-virus, IDS, and other security tools run on “auto-pilot.”
Employ multiple security technologies without understanding how each of them contributes.
Focus on widgets, while omitting to consider the importance of maintaining accountability.
Buy an expensive product when a simple and cheap fix may address 80% of the problem.
Attempt to apply the same security rigor to all IT assets, regardless of their risk profiles.
Make someone responsible for managing risk, but don’t give the person any power to make decisions.
Ignore the big picture while focusing on quantitative risk analysis.
Assume you don’t have to worry about security, because your company is too small or insignificant.
Assume you’re secure because you haven’t been compromised recently.
Be paranoid without considering the value of the asset or its exposure factor.
Classify all data assets as “top secret.”
Don’t review system, application, and security logs.
Expect users to forgo convenience in favor of security.
Lock down the infrastructure so tightly that getting work done becomes very difficult.
Say “no” whenever asked to approve a request.
Impose security requirements without providing the necessary tools and training.
Focus on preventative mechanisms while ignoring detective controls.
Have no DMZ for Internet-accessible servers.
Assume your patch management process is working, without checking on it.
Delete logs because they get too big to read.
Expect SSL to address all security problems with your web application.
Ban the use of external USB drives while not restricting outbound access to the Internet.
Act superior to your counterparts on the network, system admin, and development teams.
Stop learning about technologies and attacks.
Adopt hot new IT or security technologies before they have had a chance to mature.
Hire somebody just because he or she has a lot of certifications.
Don’t apprise your manager of the security problems your efforts have avoided.
Don’t cross-train the IT and security staff.
Require your users to change passwords too frequently.
Expect your users to remember passwords without writing them down.
Impose overly onerous password selection requirements.
Use the same password on systems that differ in risk exposure or data criticality.
Impose password requirements without considering the ease with which a password could be reset.
The 10 Dumbest Things People Do… http://www.sans.org/newsletters/ouch…
10 common security mistakes… http://www.techrepublic.com/blog/10-things…
Mistakes … that Lead to Security Breaches http://sans.org/resources/mistakes.php?ref=3816