Articles on Risk Management
- [Incident Response] Insider Threat - A Touchy Security Topic
  The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- [Leadership] Return on Investment (ROI) - A Touchy Security Topic
  ROI in finance means income-generating return, but security prevents loss rather than creating wealth. Vendors misuse "ROI" to justify expenses as "investments." ROSI calculations rely on annualized...
- [Leadership] 5 Bad Habits of Cybersecurity Professionals
  Activity doesn't guarantee progress. Security teams keep falling into five habits that look productive, but leave our programs no stronger than before.
- [Tools] More Than a Hammer: Expanding the Information Security Toolbox
  Security programs over-focus on networks and systems because infrastructure is most practitioners' background. The toolbox needs domain expertise in business functions, data analytics for measuring...
- [Malware] The Worrisome State of the Information Security Industry
  The security industry faces fundamental problems: tools don't cater to our needs, vendors misrepresent capabilities, professionals preach to the choir rather than connecting with colleagues, spending...
- [Risk Management] Non-Financial "Currency" for Framing Security Discussions
  Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...