Information Security Myths

Do you think protecting an organization from bad guys is an easy task? It is not as easy as people think; it is a difficult task to handle. The war between hackers and pentesters over exploiting and securing websites is one such task, and it has been going on for more than 10 years. The worst part is that high-level management within an organization is unaware of the risks involved in not prioritising security.

Not just startups; even some MNCs fail to take a baby step towards securing their organization because of some of the security myths below.


  1. My organization has passed ISO 27001 security compliance, hence it is completely secure

  2. Network/application security audits catch all the vulnerabilities

  3. Web application security assessments find all vulnerabilities, so there is no way a bad guy can hack us

  4. My developers are skilled, we have never had any data breaches in our organization, and we are safe!

  5. Secure Sockets Layer (SSL) protects my website

  6. We are mid-size, with limited network/applications, hence security is not an issue

  7. We have widely used firewalls and routers which defend us from attacks

  8. Blame game within an organization between application-side developers and the network side (lack of information)

  9. The programming/scripting languages we use are secure languages

  10. We don't have anything worth stealing or causing trouble over

  11. Antivirus is protecting me against malware and fresh exploits

  12. Data stored in our systems is encrypted/salted and completely under our control
