I love talking about mistakes :-) In fact, I wrote a few fun papers summarizing common mistakes in intrusion detection, incident response and log analysis. But Richard Bejtlich did a one up, summarizing "Common Security Mistakes". Those are (quoted from his blog post):
- "Failure to maintain a complete physical asset inventory
- Failure to maintain a complete logical connectivity and data flow diagram
- Failure to maintain a complete digital asset/intellectual property inventory
- Failure to maintain digital situational awareness
- Failure to prepare for incidents"
What I like about them is that most revolve around not knowing what you've got ... Indeed, before you mire yourself in prevention-detection-response, you need to think for a few seconds :-) about what you are trying to protect....