- Tools: Mitigating Attacks on the User of the Web Browser
  Browsers are improving protection against socially-engineered malware. Internet Explorer's SmartScreen includes application reputation tracking—warning users about executables without reputation...
- Risk Management: Information Security Isn't a Standalone Discipline
  Information security exists to help organizations achieve corporate objectives, not as a goal in itself. Security professionals must understand how they fit into Finance, Legal, HR, IT, Marketing,...
- Tools: 10 Information Security Mistakes: A False Sense of Security
  Ten practices that create false security: capturing logs without sufficient detail, policies no one follows, vulnerability scans without remediation processes, pen tests excluding workstations,...
- Training: Make Security Policies Harder to Read to Improve Retention?
- Malware: Low Price as a Differentiator for Information Security Products
  Low price can be a security product differentiator in several ways: strengthening an ecosystem (Microsoft's free Security Essentials), as loss leaders bundled with other products, as freemium...
- Cloud: Cloud Risks and the Security Community
  Most cloud security risks apply to IT in general and either have mitigations or have been accepted. InfoSec's role should be active participation in technical innovation, balancing risk with cost—not...