Showing posts with label humor.

QOTD - Pescatore on Privacy Violations

Dealing with the impact of getting caught surreptitiously violating customer privacy, costly. Avoiding violating your customers' privacy, priceless.
-- John Pescatore, VP at Gartner, Inc.
Src: SANS NewsBites Vol 12 No 55

[Humor] SPPD - the Security Patch Procrastination Disorder [Humor]

[Disclaimer: this is a work of fiction meant to be humorous and not a true medical, IT, or InfoSec condition]

SPPD - Security Patch Procrastination Disorder
--- Symptoms and treatment options ---

Note: only an experienced Information Security Professional can make an actual SPPD diagnosis.

The Security Patch Procrastination Disorder is characterized by a general complacency towards the deployment of security patches. In its most extreme form, it is often accompanied by delusions that patching is simply not required for secure IT operations. When this behavior continues during widespread reports of critical patches, it is referred to as Acute Security Patch Procrastination Disorder or ASPPD for short.

SPPD often starts as a benign case of FSOS, or False Sense Of Security, often resulting from unprotected and unmitigated contact with vendor-based security marketers. If left untreated, FSOS eventually erupts into full-blown SPPD (see list of symptoms below). If diagnosed early by an Information Security Professional, SPPD can be treated with simple, but regularly scheduled, applications of COTS patches, also known as Commercial-Off-The-Shelf patches.

SPPD diagnosis requires the presence of at least two of the following symptoms, observed for at least one month:
  • Disorganized patching behavior (infrequent patching habits and other incoherent statements like "we apply critical security patches when we see a need")
  • Delusions about the state of software or hardware security (e.g. "what's the worst a software bug can do?")
  • Hallucinations about vendor fairies protecting the data (e.g. "but we're running appliance X from SuperDuperVendor and they used certified pixie dust.")
If after appropriate information security evaluation and reassurance the condition persists, the entity is likely to suffer debilitating cases of JBH, or Just Been Hacked, often accompanied by MSG$, Must Spend Gazillion Dollars.

Only on eWeek

As I was reading a back issue of eWeek, I noticed some confusion as to who the laptop manufacturer really is...

Privacy is good - Privacy by visibility is NOT good

As this FailBlog post illustrates, security and privacy often fail because they are "patched-on" instead of "baked-in."

Marriott Fail « FAIL Blog: Pictures and Videos of Owned, Pwnd and Fail Moments