Articles on Leadership

• Leadership Limitations of Frameworks in Information Security
  Security frameworks like ISO 27002 and PCI DSS provide structure, but organizations often adopt them blindly without considering applicability. Companies misinterpret prescriptive standards to suit...
• Risk Management Information Security Implications of the New Tech Bubble
• Tools The Importance of Feeling Secure
  Feeling secure differs from being secure—both matter. Users may abandon effective but quiet security tools, CISOs need compelling metrics and reports even when doing excellent work, and clients need...
• Risk Management Choice Fatigue Might Affect Information Security Decisions
  Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
• Risk Management The Reason For All Information Security Woes... Sleep Deprivation
  Sleep deprivation fundamentally shifts a decision-maker's risk preference from minimizing losses to aggressively pursuing the best potential gains. Therefore, information security initiatives must be...
• Training Traits of a Good Manager of an Information Technology Team
  Technical expertise rarely correlates with management ability. Google research found employees valued even-keeled bosses who made time for one-on-ones, helped puzzle through problems by asking...