Articles on Risk Management
- Leadership: Limitations of Frameworks in Information Security
  Security frameworks like ISO 27002 and PCI DSS provide structure, but organizations often adopt them blindly without considering applicability. Companies misinterpret prescriptive standards to suit...
- Risk Management: Information Security Implications of the New Tech Bubble
- Career: Are Mistrustful People Better at Cybersecurity?
  One research study suggested that trusting people make better lie detectors than mistrustful ones, though a more rigorous replication later cast doubt on it. The more durable lesson applies in...
- Risk Management: Know the Alternatives When Negotiating IT Risk Mitigation Approaches
  When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
- Risk Management: Choice Fatigue Might Affect Cybersecurity Decisions
  Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
- Malware: A Look at Today's Computer Attack and Defense Landscape
  Modern threats use social engineering to bypass technical defenses, target workstations through browsers, compromise web applications, and maintain long-term interests in compromised environments....