A Warning Tale on IT Security Reporting