Myths Surrounding ISO27001 Information Security

This week I am carrying the series of myths forward and this time surrounding Information Security (ISO27001).

1. Information Security is for big companies
   
   False Most small companies (and individuals) are targeted at
   some time.


2. My computer has virus control software so I am safe.
   
   False Anti-Virus software is only one area of protection.


3. I have turned off the Microsoft Automatic Update to protect my computer.
   
   False Auto-update provides security patches to help protect your computer.


4. I always tear up sensitive paper information before putting it in the dustbin to
   protect myself.
   
   False tearing up paper is never as secure as shredding.


5. Cutting a credit card in half makes it useless to a thief.
   
   False Shred any non required credit cards as a thief can copy the detail and your signature.


6. Email is a secure method of communication.
   
   False Unless you encrypt your email, it is visible.


7. I can't remember complex passwords so I use my dog's name, but that is secure.
   
   False A hacker will run a dictionary test to find easy passwords like this.


8. My company insists on 8 digit passwords so I have to write them down – but this is safe.
   
   False Writing down passwords is a bad idea and is full of risk.


9. In my company we all share a generic password but this is secure.
   
   False If there is s problem with a generic password is it almost impossible to find out who is responsible.


10. When we get new computers we always format the old hard disks to ensure they cannot be hacked.
    
    False Hard disks should be physically destroyed otherwise data can be recovered, sometimes by simply un-formatting.

Source: http://blog.quality-matters.com/2007/10/myths-surrounding-iso27001-information.html