- Risk Management: Why Are Executives More Prone to Accept Risks?
Research links high status and power to greater trust in others and overconfidence in one's own knowledge. Executives may accept security risks while being overly trusting and without spending...
- Cheat Sheets: How to Suck at Information Security - A Cheat Sheet
A tongue-in-cheek collection of common security mistakes to avoid: deploying products without tuning them, treating all assets with equal rigor regardless of risk, locking down infrastructure so...
- Risk Management: The Illusion of Invulnerability in Cybersecurity
Healthcare workers wash hands more often when signs emphasize protecting patients rather than themselves, because people overestimate their own invulnerability but not others'. Security messaging may...
- Incident Response: The Adversarial Cycle of Computer Attacks and Defenses
The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Malware: Enterprises Won't Adopt Adobe Reader X Any Time Soon
Adobe Reader X's Protected Mode sandbox significantly improves security, yet 56% of enterprise installations ran vulnerable older versions. Organizations lack skills for large-scale non-Microsoft...
- Risk Management: Why Computer Users Don't Install Security Patches
Users focus on web and mobile applications, not OS internals—they won't remember to patch. Give up educating people to install patches manually; updates must be completely automated without user...