Because I'm all about the "good enough."

Monday, February 6, 2012

Of Egyptian rivers &c.

Just for fun, I've compiled some of the top security excuses I've heard in my career.

  1. It's okay, it's behind the firewall.
  2. Won't antivirus catch that?
  3. No, we don't have confidential data on our system, just these Social Security numbers of our employees.
  4. But nobody would do that [exploit of a vulnerability].
  5. I can't remember all these passwords.
  6. My application won't work with a firewall in the way.
  7. They won't be able to see that; it's hidden.
  8. It's safe because you have to log in first.
  9. No, we don't have credit cards on our system, just on this one PC here.
  10. We didn't HAVE any security issues until YOU came to work here.*

*True story.