Category: Cyber Security
A fortress is an intuitive analogy for the enterprise, but it is an overly hyped and misleading one. Beyond a few shared objectives such as perimeter security, surveillance, and physical access to a facility, cyber security has little in common with traditional military fortifications.
The evidence suggests that the widespread practice of users writing down passwords and keeping them in unsecured locations is a natural response to unrealistic security mandates. Users in general are concerned with productivity and view passwords and their management as an unproductive and wasteful activity.
A few days ago, I got a phishing email. I usually delete these emails promptly, but this one had an interesting component to it: it came with a password-protected MS Word document. This is somewhat unusual because they typically expect you to just launch the attachment and activate the payload immediately.