- Tools Mitigating Attacks on the User of the Web Browser
Browsers are improving protection against socially-engineered malware. Internet Explorer's SmartScreen includes application reputation tracking—warning users about executables without reputation...
- Risk Management Cybersecurity Isn't a Standalone Discipline
You can do excellent security work and still go unnoticed if your team operates in isolation from the rest of the organization. Understand how your responsibilities connect to Finance, Legal, HR, IT,...
- Tools 10 Information Security Mistakes: A False Sense of Security
Ten practices that create false security: capturing logs without sufficient detail, policies no one follows, vulnerability scans without remediation processes, pen tests excluding workstations,...
- Training Make Security Policies Harder to Read to Improve Retention?
- Product Management Low Price as a Differentiator for Cybersecurity Products
Low price can be a cybersecurity product differentiator in several ways: strengthening an ecosystem (Microsoft's free Windows Defender), as loss leaders bundled with other products, as freemium...
- Cloud Cloud Risks and the Security Community
Most cloud security risks apply to IT in general and either have mitigations or have been accepted. InfoSec's role should be active participation in technical innovation, balancing risk with cost—not...