How Security cHangeD PoSt 2000 95
best practices are exactly that—they are the best practices known to
mankind, the ultimate authority.
Like so many other facets of post-2000 security, the use of the phrase
“best practices” gained momentum because, just as use of automated
vulnerability scanners could be used to substitute the Hacker’s wis-
dom in vulnerability testing, “best practices” could be used to negate
the need for any further or deeper analysis in most other areas of
security. e skill sets required to go deeper and really assess the pros
and cons of whatever practice is being prescribed (at a practical IT
level, with boring, nonchatty Unix consoles and MS-DOS prompts)
were no longer necessary because the best practice was already ...