Recently, Security Week featured a great article by Emily Ratliff about “Unknown Unknowns” which explains really well how it is that the things you don’t know are those most likely to bite you. This kind of advice about what you don’t know biting you is ancient and dates back thousands of years before computers were invented.
Like lots of good advice, it’s more well-understood than it is well-followed. Here’s a bit of what Ms Ratliff has to say:
I recently thought of the apocryphal story about the solid reliability of the IBM AS/400 systems. I’ve heard several variations on the story, but as the most common version of the story goes, an IBM service engineer shows up at a customer site one day to service an AS/400. The hapless employees have no idea what the service engineer is talking about. Eventually the system is found in a closet or even sealed in a walled off space where it had been reliably running the business for years completely forgotten and untouched. From a reliability perspective, this is a great story. From a security perspective, it is a nightmare. It represents Donald Rumsfeld’s infamous “unknown unknowns” statement …
I also recommend the rest of her Unknown Unknowns article to you as well. She has some exceptionally nice things to say about the Assimilation Suite that I think you’ll enjoy.
Please note: I reserve the right to delete comments that are offensive or off-topic.