Test Your Security – Because Mistakes Happen

There was a presentation on the “Psychology of Security”, which is a favorite topic of mine (past blog posts):

http://oversitesentry.com/the-psychology-of-security/

http://oversitesentry.com/how-much-should-i-spend-on-cybersecurity/

http://oversitesentry.com/security-people-are-scaremongerers/


The topics in this slide are from Stefan Schumacher's presentation at BSides:

https://bsidesvienna.at/slides/2015/the_psychology_of_security.pdf

  • Users choose weak passwords
  • Users are not interested in security
  • Users don’t understand security
  • Programmers create buffer overflows and forget safety regulations
  • Admins forget to patch
  • Developers use MD5 as password hash
  • Social engineering
  • Security awareness

 

In the previous slides Stefan touched on some of the reasons for this abysmal state of security. People misunderstand the problem of security and why it needs regular attention. There is no “solving security”.

 

“Yes, we solved it, and we don’t have to bother with it anymore,” says the CEO/CIO/CFO… Nope, not possible.

What has to be done is to test your devices, test your procedures, test people.

Security is people, processes and technology, so all three must be tested and reviewed on a quarterly basis, or on a monthly basis if you are a high-value target.

 

You don’t want to be this company:


Important Announcement: A recent security breach and the end of “XYZ company”

 

From yesterday’s blog post: http://oversitesentry.com/cloud-not-secure-as-rob-alexandercapitalone-cio-believes/

Contact us and we will explain this.
