LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are common management misconceptions about information security?

Typical misconceptions include "we already have a firewall," "we're not a target," "nothing has ever happened," and "our employees are 100% loyal."

Common excuses from management:

  1. "What does InfoSec bring us... besides costs?" — Ignores regulatory requirements, reputation risk, and competitive advantage
  2. "We already have a firewall" — Security is much more than one technical control
  3. "We're not an interesting target for hackers" — Automated attacks don't discriminate by company size; SMBs are actually frequent targets
  4. "Nothing has ever happened to us" — Data theft often goes undetected; absence of evidence is not evidence of absence
  5. "Our employees are 100% loyal" — Insider threats are real; loyalty doesn't prevent human error
  6. "We can easily do without computers for a few days" — Most modern businesses would halt without IT

Why these are dangerous: Each misconception leads to underinvestment in security. The reality is that over 50% of companies that suffer complete data loss go bankrupt within 24 months.

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Jul 05, 2026