by seee-I-Told-you
1280 days ago
While the list certainly contains good precautions which everyone, for the most part, should be implementing and thinking about, it is not a complete list. Even though the author would say "it was not intended to be", it still kind of promises "these mitigations are enough", and of course the world isn't black and white. Protecting a company or even a sole personal computer is a time staking challenge with multiple dimensions. It involves implementing processes and routines which you stick to, it involves technical solutions for mitigating threats in different categories, and it involves planning, configuration and monitoring. It certainly involves staying well informed on vulnerabilities, present threats and the modus operandi of attackers. That's why we security consultants (on a senior level) are more or less useless unless we are developers ourselves and stack 30 000+ hours in experience. And still, with all this experience and knowledge, the work is not a piece of cake at all. You have to be prepared to make exceptions, be pragmatic, a good communicator and a good, skilled presenter. You have to be prepared to work uncomfortable hours, holidays, weekends, etc.