LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are common management misconceptions about information security?

Managers often dismiss security as a cost center, assume firewalls are enough, or believe their company isn't a target.

Classic management excuses:

Misconception Reality
"What does security bring us besides costs?" It prevents far greater costs from breaches, fines, and reputation damage
"We already have a firewall" A firewall is one control among hundreds needed — it's not a silver bullet
"We're not a worthwhile target for hackers" Every organization has valuable data; attackers also target small companies as stepping stones
"Nothing has ever happened to us" That you know of — many breaches go undetected for months or years
"Our employees are 100% loyal" Insider threats are statistically one of the top risks
"We can do without our computers for a few days" Modern businesses are utterly dependent on IT — even a day of downtime is often catastrophic

Tip: These misconceptions are exactly what security awareness programs for executives should address. The goal is to shift the mindset from "security as cost" to "security as business enabler."

From Quiz: ISM / ISM Intro & Repetition | Updated: Jul 14, 2026