- Malware Analysis Announcing REMnux Version 2: Linux Distro for Malware Analysis
- Risk Management Non-Financial "Currency" for Framing Security Discussions
Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...
- Malware Metrics for Measuring Enterprise Malware Defenses
Tracking "infections caught" provides little insight because changes could reflect better detection or just more attacks. More useful metrics include percentage of systems with current AV signatures,...
- Social Engineering Social Engineering in On-Line Scams: "Home Income Kit"
Online scams use psychological factors to lower victims' guard: greed (easy money), laziness (little work), social compliance (fake Facebook likes and comments), transitive trust (mimicking news...
- Risk Management Which Information Security Controls Are Most Important?
Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...
- Career Resist the Gentle Pull of Mediocrity
Comfort in a job can slowly lead to complacency—you stop learning and lose motivation without noticing. If drifting toward this state, shake things up: take on projects that might fail, attend...