Articles on Risk Management
- Risk Management: Know the Alternatives When Negotiating IT Risk Mitigation Approaches
  When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
- Risk Management: Why Business Managers Ignore IT Security Risk Recommendations
  Business managers may dismiss security recommendations for multiple reasons: they're better positioned to make risk decisions, they've become immune to FUD, they're fatigued from constant...
- Risk Management: Choice Fatigue Might Affect Information Security Decisions
  Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
- Malware: A Look at Today's Computer Attack and Defense Landscape
  Modern threats use social engineering to bypass technical defenses, target workstations through browsers, compromise web applications, and maintain long-term interests in compromised environments....
- Risk Management: Could Regulatory Compliance Encourage Weaker Security?
  Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...
- Risk Management: The Reason For All Information Security Woes... Sleep Deprivation
  Sleep deprivation fundamentally shifts a decision-maker's risk preference from minimizing losses to aggressively pursuing the best potential gains. Therefore, information security initiatives must be...