There was a presentation on the “Psychology of Security” which is a favorite topic of mine(past blogposts):
The topics in this slide from Stefan Schumacher presentation at BSides
- Users Choose weak passwords.
- Users are not interested in Security
- Users don’t understand Security
- Programmers create Buffer overflows and forget safety regulations
- Admins forget to patch
- developers use MD5 as password hash
- Social engineering
- Security awareness
In the previous slides Stefan touched on some of hte reasons for this abysmal state of security. People are misunderstanding the problem of security. And why it needs to be regularly attended. There is no “solving Security”.
“Yes we solved it, and we don’t have to bother with it anymore.” says the CEO/CIO/CFO… Nope not possible.
What has to be done is to test your devices, test your procedures, test people.
security is People , Processes and Technology – so that must be tested and reviewed on a quarterly basis. On a Monthly basis if you are a high value target.
You don’t want to be this company:
Important Announcement: A recent security breach and the end of “XYZ company”
from yesterday’s blogpost: http://oversitesentry.com/cloud-not-secure-as-rob-alexandercapitalone-cio-believes/
Contact Us to and we will explain this