Cargo Cult Security
Oh my, but I am glad that I work with some sharp folks. Mike Janke over at Last In - First Out wrote a post on Cargo Cult System Administration, or the practice of taking action without understanding why in hope that things will get better.
Following a security recipe without understanding the risks you are addressing. If you don’t understand how hackers infiltrate your systems and exfiltrate your data, then your DLP, firewalls, IDS, SIEM, etc. are cargo cult. You’ve built the superficial exterior of a system without understanding the underlying substance.
I believe that cargo cult security has long been the de facto standard in IT operations. Whether installing an intrusion detection system after an intrusion or installing anti-malware software after a malware infestation, throwing appliances in your network or installing
If you do understand how your systems get infiltrated, then you’ll probably consider simple controls like database and file system permissions and auditing as important as expensive, complex packaged products.