The Myths of Security - Information Security Magazine - Page 1
EXPOSE
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.

In Greek mythology, the closest thing to a "God of Security" wasn't a god at all, but the giant monster Argus, who was considered the perfect security guard because of his ability to keep at least one of his hundreds of eyes open while sleeping.

Argus was a fearsome warrior to contend with, but he wasn't invincible. He ended up on the wrong side of Zeus, who sent his son Hermes to kill Argus.

As the story goes, Hermes lulled the giant into a deep, eye-closing slumber. Then, when Argus was no longer "watching," Hermes cut his head off.

Argus is an interesting, if imprecise, symbol for today's infosecurity professional.

We, too, pride ourselves on our ability to keep constant vigilance over our systems, networks and data. Unfortunately, we're often undermined by the cunning of our adversaries and their ability to exploit our vulnerabilities.

The parallels between ancient mythology and modern enterprise security don't end there. As in ancient times, myths are the foundation of much of security's belief system; they're a way to infuse meaning and purpose in a world that lacks scientific explanation. Where the ancients lacked empirical data to explain the world around them--such as the movement of the stars or the change of the seasons--security pros lack data on the effectiveness of their activities.

What constitutes "good" security? How effective is my IDS? How much money should I spend on vulnerability management? How do you quantify security productivity?

Lacking the tools and knowledge to gather, analyze and apply objective data to our policies and initiatives, we, like the ancients, uncritically accept common truisms about the "way to do security," rarely questioning their validity or applicability.

For security to mature as a business discipline, security professionals must shed the common myths that justify our beliefs and give meaning to our activities, and develop a framework of critical thinking that tests the generalities of the best way to secure the enterprise.

Here are six common security myths and how you can avoid being lulled into a false sense of security by them.

This was first published in January 2005