Management Errors

As determined by the 1,850 computer security experts and managers meeting at the SANS99 and Federal Computer Security Conferences held in Baltimore May 7-14, 1999
From http://www.sans.org/newlook/resources/errors.htm

• Pretend the problem will go away if they ignore it.
• Authorize reactive, short-term fixes so problems re-emerge rapidly
• Fail to realize how much money their information and organizational reputations are worth.
• Rely primarily on a firewall.
• Fail to deal with the operational aspects of security:
  make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed
• Fail to understand the relationship of information security to the business problem.
• Understand physical security but do not see the consequences of poor information security.
• Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.

• PreviousSecurity Infrastructure Investment
• Contents
• NextSecurity Mission Statement

 Last change: Monday, June 17, 2002 10:36 am
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.