Gartner's Top 10 IT Security Myths

  • 13 June 2013

As some of you may know, this year's Gartner Security & Risk Management Summit is going on right now in Washington D.C.
Yesterday, a Gartner analyst revealed a top 10 list of IT Security 'misperceptions' or myths as well as what they believe is the cure for all 10. (Networkworld posted the full article here.) They are as follows:
1. It won't happen to me.
2. Infosec budgets are 10% of IT spend.
3. Security risks can be quantified.
4. We have physical security (or SSL) so we know your data is safe.
5. Password expiration and complexity reduces risk.
6. Moving the CISO outside of IT will automatically ensure good security.
7. Adhering to security practices is the CISO's problem.
8. Buy this 'tool' and it will solve all of your problems.
9. Let's get the policy in place and we are good to go.
10. Encryption is the best way to keep your sensitive files safe.
As an internet and endpoint security company, we have our own myths and cures based on our studies and analyses. I wanted to post this list from Gartner to see what all you IT pros out there think. Do you agree with all of these myths and cures? Some of them? None?

(Source: Gartner)

1 reply

Obviously no. 1 is valid in all cases. This is one of those famous last words. For some of these (the ones I understand, as I'm not really in the security business), like no. 5 and 10, there is no harm in doing it, although it's not an end-all means by any standard.
If you are really in the IT security business then I doubt that you'd fall for no. 8 and 9. You should really know better, and if you don't then you're obviously not the right person for the job. These are generally the people who read something and think they are immediately subject experts.