13 security misimpressions

Fred Cohen, who defined the term "virus" 20 years ago, goes on a crusade against popular misconceptions about security:



  • That sounds like an ‘academic’ view


  • That’s a Socialistic View


  • We have a firewall/intrusion detection system/virus scanner that will take care of it.


  • Nobody would be interested in hacking us.


  • “IT is responsible for security” - statement by the CEO.


  • “I use my children’s names and passwords for all my passwords on all my accounts as I know the IT people make it safe”.


  • We don’t have to worry about viruses because [fill in the blank] - typically “we only use Macs”, “we only use Linux”, “we don’t use shareware”.


  • “We don’t want to establish security policies, since that would upset the employees.”


  • You consider *availability* to be a part of security?


  • Why waste money on intrusion detection? We’ve never seen a compromise or even an attack.


  • We use SSL, so our web site is secure.


  • We were certified by [PLACE NAME HERE] so we must be secure.
