- Assessments 3 Reasons Why People Choose to Ignore Security Recommendations
People avoid information that challenges beliefs, demands undesired action, or causes unpleasant emotions—all common with security assessments. Recipients may resist findings that contradict "my...
- Risk Management Cyber Warfare Encompasses Only Some Security Concerns
Cyberwar discussions focus on mega breaches, but thousands of small breaches occur hourly and may exceed economic losses of high-profile incidents. Military cyber capabilities don't help civilian...
- Risk Management Herd Behavior in Cybersecurity: The Good and The Bad
Cybersecurity exhibits herd-like behavior, with both benefits and drawbacks. Higher vigilance by some professionals lets others focus elsewhere, which strengthens collective defense. But anxiety is...
- Risk Management Fear vs. Anxiety in Cybersecurity: What We Can Do
Fear involves specific threats that can be addressed, while anxiety is a reaction to abstract concerns that's harder to resolve. Much security FUD induces anxiety rather than actionable fear....
- Leadership 4 Reasons Why Computer Users Dread Installing Security Updates
Users avoid updates because they require too many clicks, downloads are heavy, finalizing requires reboots, and mechanisms fail for non-privileged users. Google Chrome and Windows Update show better...
- Leadership Limitations of Frameworks in Information Security
Security frameworks like ISO 27002 and PCI DSS provide structure, but organizations often adopt them blindly without considering applicability. Companies misinterpret prescriptive standards to suit...