Consequences of Overzealous Security

Part of Information Security is not making assumptions. You don’t assume that computer systems are safe, you check them. Even if they were safe when you checked them, you check them again months later to make sure they are still safe. This sort of regular assessment is no different than security guards making regular rounds in an office building late at night. Such as at a bank. When something suspicious is discovered during a systems check or pentest, you investigate it in order to verify that what was found is what you think it is. Evidence of a server break-in needs to be checked carefully before one goes blurting out “We’ve been hacked!”. Just like a bank doesn’t say “We’ve been robbed” because some accounting numbers don’t match-up.[…]