- Risk Management: Could Regulatory Compliance Encourage Weaker Security?
Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...
- Risk Management: The Reason For All Information Security Woes... Sleep Deprivation
Sleep deprivation fundamentally shifts a decision-maker's risk preference from minimizing losses to aggressively pursuing the best potential gains. Therefore, information security initiatives must be...
- Leadership: 7 Inconvenient Truths for Information Security
Employees use personal devices for work, reuse passwords, write credentials down, click on links, and disable security software. Acknowledging these common behaviors as reality rather than pretending...
- Risk Management: Turning Information Security Architects into Chefs
Some architects rigorously follow frameworks (recipe-diehards); others improvise based on experience. Neither approach alone suffices. True architects know design patterns and control frameworks for...
- Product Management: Security Products and Services: The Long Tail of SMB Customers
SMBs comprise roughly 80% of the potential security market—the long tail—but require different product, pricing, and marketing models than enterprises. Cloud services make security more affordable,...
- Risk Management: Border Bias and Risk Perception in Information Security
Research shows people irrationally believe state borders can protect against disasters, underestimating risks from across the line. In security, firewalls and other devices may create similar...