I just came across this picture. It is a great reminder to security professionals to set priorities and focus on the high-risk items. Don't focus your attention on reducing your screen saver time-outs from 30 minutes to 15 minutes if you're using telnet on your financial systems. Remember, calculate your SLE (Single Loss Expectancy) based upon the value of the assets and the vulnerability. Calculate your ALE (Annual Loss Expectancy) based upon the likelihood the threat will manifest itself. Then address the issues that really pose the greatest threat to your organization. Don't focus on the jackhammer noise and overlook the cigarette in your mouth.
Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.
Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org.