As an IT Manager or perhaps a more specialised IT Security Officer, you have your security policy in place, your physical security, network security and application security measures are all installed and functioning. Systems are patched up to date and for that split second it would seem that security is no longer an issue. Unfortunately, a second is probably as good as it gets, as there is bound to be another threat waiting around the corner. In today’s fast paced electronic world, whilst it is not possible to maintain a totally secure environment, 98 percent secure is far better than 97 percent secure. Every bit counts, but when it comes to applying security there are many practices that are overlooked simply because we choose to ignore that certain threats exist or worse still, as this is the more likely to be the case, simply don’t even realise that some threats exist.

When I speak of security practices I am, of course, referring to tasks that can be carried out to counteract threats. There are many threats that go overlooked and the purpose of this paper is to explore some of these to hopefully make that difference between 97 and 98 percent. Although many of these may not be considered “critical” threats, these often form the initial portions of an attack, carried out in the reconnaissance phase as attackers acquire all of the background information with which to launch an attack. Logically, it makes sense to prevent these threats from surfacing as thwarting these could prevent large-scale attacks from mounting.

This document is in PDF format. To view it click here.