- [Social Engineering] Social Engineering in On-Line Scams: "Home Income Kit"
Online scams use psychological factors to lower victims' guard: greed (easy money), laziness (little work), social compliance (fake Facebook likes and comments), transitive trust (mimicking news...
- [Risk Management] Which Information Security Controls Are Most Important?
Comparing Securosis, PwC, and SANS 20 Critical Controls projects, system hardening appears across all three lists. Other consistently important controls include centralized security event monitoring,...
- [Career] Resist the Gentle Pull of Mediocrity
Comfort in a job can slowly lead to complacency—you stop learning and lose motivation without noticing. If drifting toward this state, shake things up: take on projects that might fail, attend...
- [Leadership] CISOs Can Find Allies at the General Counsel Office
CISOs who build strong working relationships with General Counsel gain a powerful ally for navigating compliance obligations, protecting intellectual property, and managing risk. The regulatory...
- [Social Networking] Quora Essentials for Information Security Professionals
- [Social Networking] Retrospective: Why I Started This Security Blog