- [Risk Management] Turning Information Security Architects into Chefs
Some architects rigorously follow frameworks (recipe-diehards); others improvise based on experience. Neither approach alone suffices. True architects know design patterns and control frameworks for...
- [Product Management] Security Products and Services: The Long Tail of SMB Customers
SMBs comprise roughly 80% of the potential security market—the long tail—but require different product, pricing, and marketing models than enterprises. Cloud services make security more affordable,...
- [Risk Management] Border Bias and Risk Perception in Information Security
Research shows people irrationally believe state borders can protect against disasters, underestimating risks from across the line. In security, firewalls and other devices may create similar...
- [Incident Response] Insider Threat - A Touchy Security Topic
The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- [Leadership] Return on Investment (ROI) - A Touchy Security Topic
ROI in finance means income-generating return, but security prevents loss rather than creating wealth. Vendors misuse "ROI" to justify expenses as "investments." ROSI calculations rely on annualized...
- [Tools] More Than a Hammer: Expanding the Information Security Toolbox
Security programs over-focus on networks and systems because infrastructure is most practitioners' background. The toolbox needs domain expertise in business functions, data analytics for measuring...