Tuesday, October 21, 2008

Top ten security habits from experience

From my experience as a security consultant at several big and small companies, I have seen many security practices that I find to be most useful.

I'll share them with you in the following list:
  1. Never plan security, let it happen naturally
  2. It's better to apply any security controls in the production environment
  3. No matter what you do, the security guys will know how to secure it
  4. Always trust your internal networks and users
  5. You don't have to notify security, it's their job to know what's going on
  6. Always blame the security staff when something goes awry
  7. Never read any security document
  8. Easy passwords might be guessed, strong passwords will be forgotten
  9. Better to spend on big, expensive, hype-type security consultancy projects than on cheap, small hands-on-security-that-works projects
  10. If they don't know it they can't attack it, obscurity is the best security technique
I hope these tips improve security in your company, if they're not already doing so.

2 comments:

alex said...

I'm hoping that your tongue is firmly planted in cheek :)

chmeee said...

@alex It's my way to fight frustration, either you win or you can laugh at it :)