Cargo Cult Security
Here is a fictional story for you that bears no resemblance to any living, dead, or undead persons whatsoever. Imagine someone who is interested in establishing and maintaining a „medium“ to „high“ level of security for his or her business data. This person is a power user and uses hard disk encryption, an encrypted file server, access to internal data by VPN and GPG/PGP for communication. So far, so good. Now for the bad news: untrusted devices without security software may also access internal resources and shiny new workstations run without anti-virus protection or firewalls. Questions regarding potential risks go unnoticed, suggestions to periodically check the security measures also disappear into the vast void of email. What is wrong with this picture? Well, given that all of this is purely fictional, someone you might