InfoWorld - Security Adviser: The best computer security advice you'll get

/Home/Internet Security: Blogs/Internet Security: InfoWorld blog/InfoWorld: Security Adviser 2015

The world is awash in bad security advice that distracts from addressing the real threats. Here's what you really need to know

By Roger A. Grimes
Jan 20, 2015

I couldn't put my finger on what was nagging at me the last few months. When I finally sorted it out, it was the realization that most computer security advice is an absolute waste of time -- and most of what isn't is barely useful.

Even I'm guilty. Statements I've spouted in the past, like using long and complex passwords or hardening your computer system, don't really deliver much value. Disable weak password hashes? That was good advice 15 years ago. Use an up-to-date antivirus program? If that worked, we would have solved the problem decades ago.

When I look at the data of how people and computers are compromised, those previous recommendations didn't effectively address the attack vectors that make malicious hackers so successful. Instead of giving you dozens to hundreds of truly ineffective recommendations, I'm going to give you a few basic defenses that really work.

Forget every past computer security advice you've ever read -- even from me. This is the real deal. Everything else is wasted cycles.

Click the URL above to read the full article