The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
As determined by the 1,850 computer security experts and managers meeting at the SANS99 and Federal Computer Security Conferences held in Baltimore May 7-14, 1999
- Pretend the problem will go away if they ignore it.
- Authorize reactive, short-term fixes so problems re-emerge rapidly
- Fail to realize how much money their information and organizational reputations are worth.
- Rely primarily on a firewall.
- Fail to deal with the operational aspects of security:
make a few fixes and then not allow the follow through necessary to ensure the problems stay fixed
- Fail to understand the relationship of information security to the business problem.
- Understand physical security but do not see the consequences of poor information security.
- Assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job.