Top 10 Excuses for Not Improving Security

10. It's just a test box.
...Any host connected to the network is vulnerable to
attack.

9. The host administrator is on vacation.
...Compromised hosts will be blocked, and you'll lose
service.

8. I didn't know that service was running on that machine.
...Request a vulnerability scan from Network Services.

7. I just installed that computer 10 minutes ago.
...The Internet is flooded with thousands of attacks every
second.

6. That host doesn't have anything important on it, so it's not a target.
...Hackers aren't picky. Any vulnerable host is an
appealing launching pad.

5. A faculty member, not the administrator, maintains that host.
...All hosts connected to the network should be managed
by a qualified IT worker.

4. I don't have enough time.
...Is there enough time to recover from an incident?

3. I don't have enough money.
...Are there enough funds to recover from an attack?

2. I didn't know there was a patch for that bug.
...Keep informed by monitoring news, lists and vendor
Web sites.

And the number one excuse for not improving computer security?

1. I don't know very much about security.
...That's easy. Attend ITSA Day.

http://www.itsa.ufl.edu/posters/top10reasons.pdf