This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.
In Greek mythology, the closest thing to a "God of Security" wasn't a god at all, but the giant monster Argus, who was considered the perfect security guard because of his ability to keep at least one of his hundreds of eyes open while sleeping.
Argus was a fearsome warrior to contend with, but he wasn't invincible. He ended up on the wrong side of Zeus, who sent his son Hermes to kill Argus.
As the story goes, Hermes lulled the giant into a deep, eye-closing slumber. Then, when Argus was no longer "watching," Hermes cut his head off.
Argus is an interesting, if imprecise, symbol for today's infosecurity professional.
We, too, pride ourselves on our ability to keep constant vigilance over our systems, networks and data. Unfortunately, we're often undermined by the cunning of our adversaries and their ability to exploit our vulnerabilities.
The parallels between ancient mythology and modern enterprise security don't end there. As in ancient times, myths are the foundation of much of security's belief system; they're a way to infuse meaning and purpose in a world that lacks scientific explanation. Where the ancients lacked empirical data to explain the world around them--such as the movement of the stars or the change of the seasons--security pros lack data on the effectiveness of their activities.
Lacking the tools and knowledge to gather, analyze and apply objective data to our policies and initiatives, we, like the ancients, uncritically accept common truisms about the "way to do security," rarely questioning their validity or applicability.
For security to mature as a business discipline, security professionals must shed the common myths that justify our beliefs and give meaning to our activities, and develop a framework of critical thinking that tests the generalities of the best way to secure the enterprise.
Here are six common security myths and how you can avoid being lulled into a false sense of security by them.
This was first published in January 2005