Essential Information Security (InfoSec) problems are discussed and common myths formulated, including that InfoSec development must be identical everywhere; that every entity has to protect its own assets; that confidentiality is the most important element of InfoSec; that terrorists are the only and most crucial adversaries technical tools provide infuse; that mathematics is nothing but cryptography; that the goal is to spend as little on security as possible and that it would be nice if security paid for itself; that standards are void and complicated; that IT team should create the InfoSec system; and that outsourcing is the solution as they know everything. InfoSec myths also apply to the Emergency Preparedness and Response (EPR) field. EPR could better implement Information Security practice and vice versa, stimulate InfoSec development and thus enrich each other. For both, InfoSec and EPR, strong international, cross-agency and interdisciplinary approaches with focusing on information sharing instruments are needed to counteract chemical, biological, radiological and nuclear threats.