- Risk Management The Endowment Effect in Information Security
The endowment effect—valuing items in your possession more highly—may cause security professionals to overestimate the value of data they protect. Business managers, more removed from the data, might...
- Communication Tips for Troubleshooting Human Communications
Effective communication requires empathy, acknowledging different perspectives, and phrasing arguments using the other person's terminology and objectives. Key tips cover email best practices,...
- Malware How Malicious Code Can Run in Microsoft Office Documents
Microsoft Office documents can execute malicious code through VBA macros (requiring social engineering to enable), exploit payloads targeting Office vulnerabilities, embedded Flash objects, or...
- Encryption Confusing the Padlock and the Favicon in the Web Browser
Attackers can display padlock-shaped favicons to fool users into thinking non-HTTPS connections are secure. Chrome and Firefox addressed this by removing favicons from the URL bar, while Internet...
- Communication Slides for Presentation on Real-World Social Engineering Attacks
- Training Tying Shoelaces and Information Security
Most people tie shoelaces with the weaker knot because the stronger version is harder for children to learn. Similarly, security "best practices" we've followed for years may not be optimal—tribal...