The road to hell is paved with best practises presented at BSidesLondon 2010

by Frank Breedijk,

Summary: Presentation Abstract:
This talk will try to address the "unaskable" question "will best practices make us more secure?" in a light and entertaining manner.
Will a strong password policy result in stronger passwords? When are there too many admins on the system?
In good cop/bad cop style, Frank Breedijk and Ian Southam will address this topic from the firm belief that IT Security should actually make IT more secure.
Presentation Outline:
Together they have been in the IT profession for over 35 years: Ian primarily as a system administrator, Frank first as a programmer, later as IT security something. Together they strongly believe that IT Security should have one purpose: to actually make computing and processing information more secure.
As obvious as that statement seems, security measures often do not achieve this goal and sometimes hurt it. E.g. enforcing "very strong" password policies will often result in people not being able to remember their passwords and writing them down, or reverting to passwords like Password01, Password02, etc.
In a light, good cop/bad cop style presentation, Ian and Frank plan to address this and other less obvious examples of so-called "best practices" that actually hurt security.
What do you hope attendees will gain from the presentation?
Besides the fact that we plan to give a very entertaining presentation, we also hope to trigger some self-reflection in the IT security community.
We hope to help break the inertia of certain long-lived best practices that, e.g., force us to change our password every month because it takes two months to crack such a password with a PDP-11.
The presentation will also provide some handles for people who share our beliefs to broach the subject to others.