- Malware: A Look at Today's Computer Attack and Defense Landscape
Modern threats use social engineering to bypass technical defenses, target workstations through browsers, compromise web applications, and maintain long-term interests in compromised environments....
- Risk Management: Could Regulatory Compliance Encourage Weaker Security?
Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...
- Risk Management: The Reason For All Information Security Woes... Sleep Deprivation
Sleep deprivation fundamentally shifts a decision-maker's risk preference from minimizing losses to aggressively pursuing the best potential gains. Therefore, information security initiatives must be...
- Leadership: 7 Inconvenient Truths for Information Security
Employees use personal devices for work, reuse passwords, write credentials down, click on links, and disable security software. Acknowledging these common behaviors as reality rather than pretending...
- Risk Management: Turning Information Security Architects into Chefs
Some architects rigorously follow frameworks (recipe-diehards); others improvise based on experience. Neither approach alone suffices. True architects know design patterns and control frameworks for...
- Risk Management: Border Bias and Risk Perception in Information Security
Research shows people irrationally believe state borders can protect against disasters, underestimating risks from across the line. In security, firewalls and other devices may create similar...