Articles on Risk Management
- Incident Response | The Adversarial Cycle of Computer Attacks and Defenses: The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- Leadership | 9 Convenient Lies in Cybersecurity: Familiar security claims like "we use AES-256" or "we're SOC 2 compliant" are technically true. Each one omits conditions that determine risk, and we need to communicate them carefully to avoid...
- Malware | Enterprises Won't Adopt Adobe Reader X Any Time Soon: Adobe Reader X's Protected Mode sandbox significantly improves security, yet 56% of enterprise installations ran vulnerable older versions. Organizations lack skills for large-scale non-Microsoft...
- Risk Management | Why Computer Users Don't Install Security Patches: Users focus on web and mobile applications, not OS internals; they won't remember to patch. Give up educating people to install patches manually; updates must be completely automated without user...
- Risk Management | How Information Security Professionals Are Different
- Risk Management | The Contagious Smell of Fear in Cybersecurity: Security decisions are affected by factors beyond rational analysis, such as choice fatigue, sleep deprivation, and anxiety. Research shows fear can spread through scent; women who smelled "fearful sweat"...