Literature Concerning Security
The worst part about being a network security manager is dealing with the constant barrage of reports on new security risks from the media and security organizations, followed closely by the announcements of new products and services that supposedly patch the newly reported holes. We do need to know about security problems, but, too often, stories about these problems are full of problems themselves. Many reports on the Code Red worms, for example, were full of so much misinformation that they unnecessarily added to IT managers' already unmanageable workloads.

I've always trusted risk announcement sources such as CERT, SANS and Security Focus for warnings about new problems, but even they seemed to fall under the sway of the general media during the coverage of Code Red. For example, many experts highlighted the risk of an Internet slowdown due to the second coming of the Code Red worm. However, these experts knew full well that most systems had been patched after the first occurrence of Code Red, which meant that an Internet slowdown was highly unlikely. The decision of these organizations and the government to highlight this unlikely risk probably served only to reinforce the complacency of those who tend not to take security seriously.
Academic Journal derived from Jim Rapoza. Please visit the following site for in-depth information on this topic: http://www.eweek.com/article2/