Articles on Risk Management

• Risk Management Information Security Implications of the New Tech Bubble
• Career Are Mistrustful People Better at Cybersecurity?
  One research study suggested that trusting people make better lie detectors than mistrustful ones, though a more rigorous replication later cast doubt on it. The more durable lesson applies in...
• Risk Management Know the Alternatives When Negotiating IT Risk Mitigation Approaches
  When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
• Risk Management Choice Fatigue Might Affect Cybersecurity Decisions
  Research shows judges grant parole more often after meals because mental exhaustion from repeated decisions leads to status-quo choices. Security professionals making continuous decisions about...
• Malware A Look at Today's Computer Attack and Defense Landscape
  Modern threats use social engineering to bypass technical defenses, target workstations through browsers, compromise web applications, and maintain long-term interests in compromised environments....
• Risk Management Could Regulatory Compliance Encourage Weaker Security?
  Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...