Top 10 Excuses for Not Improving Security
10. It's just a test box.
...Any host connected to the network is vulnerable to
attack.
9. The host administrator is on vacation.
...Compromised hosts will be blocked, and you'll lose
service.
8. I didn't know that service was running on that machine.
...Request a vulnerability scan from Network Services.
7. I just installed that computer 10 minutes ago.
...The Internet is flooded with thousands of attacks every
second.
6. That host doesn't have anything important on it, so it's
not a target.
...Hackers aren't picky. Any vulnerable host is an
appealing launching pad.
5. A faculty member, not the administrator, maintains that
host.
...All hosts connected to the network should be managed
by a qualified IT worker.
4. I don't have enough time.
...Is there enough time to recover from an incident?
3. I don't have enough money.
...Are there enough funds to recover from an attack?
2. I didn't know there was a patch for that bug.
...Keep informed by monitoring news, lists and vendor
Web sites.
And the number one excuse for not
improving computer security?
1. I don't know very much about security.
...That's easy. Attend ITSA Day.

http://www.itsa.ufl.edu/posters/top10reasons.pdf