- Malware The Worrisome State of the Information Security Industry
The security industry faces fundamental problems: tools don't cater to our needs, vendors misrepresent capabilities, professionals preach to the choir rather than connecting with colleagues, spending...
- Risk Management Non-Financial "Currency" for Framing Security Discussions
Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...
- Risk Management Which Information Security Controls Are Most Important?
Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...
- Leadership CISOs Can Find Allies at the General Counsel Office
CISOs and General Counsel share overlapping goals: policy legality, intellectual property protection, risk/business balance, compliance obligations, and freedom to critique other groups' decisions....
- Tools Mitigating Attacks on the User of the Web Browser
Browsers are improving protection against socially-engineered malware. Internet Explorer's SmartScreen includes application reputation tracking—warning users about executables without reputation...
- Risk Management Information Security Isn't a Standalone Discipline
Information security exists to help organizations achieve corporate objectives, not as a goal in itself. Security professionals must understand how they fit into Finance, Legal, HR, IT, Marketing,...