- Risk Management Why Business Managers Ignore IT Security Risk Recommendations
Business managers may dismiss security recommendations for multiple reasons: they're better positioned to make risk decisions, they've become immune to FUD, they're fatigued from constant...
- Risk Management Choice Fatigue Might Affect Information Security Decisions
Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
- Malware A Look at Today's Computer Attack and Defense Landscape
Modern threats use social engineering to bypass technical defenses, target workstations through browsers, compromise web applications, and maintain long-term interests in compromised environments....
- Risk Management Could Regulatory Compliance Encourage Weaker Security?
Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...
- Risk Management The Reason For All Information Security Woes... Sleep Deprivation
Sleep deprivation fundamentally shifts a decision-maker's risk preference from minimizing losses to aggressively pursuing the best potential gains. Therefore, information security initiatives must be...
- Leadership 7 Inconvenient Truths for Information Security
Employees use personal devices for work, reuse passwords, write credentials down, click on links, and disable security software. Acknowledging these common behaviors as reality rather than pretending...