- Web Security NoScript Strengthens Security Even If You Allow Scripting
NoScript's script-blocking requires users to allowlist every site—many automatically click "allow" or uninstall it. If script allowlisting isn't for you, enable scripts globally but keep NoScript's...
- Risk Management Information Security Isn't a Standalone Discipline
Information security exists to help organizations achieve corporate objectives, not as a goal in itself. Security professionals must understand how they fit into Finance, Legal, HR, IT, Marketing,...
- Tools 10 Information Security Mistakes: A False Sense of Security
Ten practices that create false security: capturing logs without sufficient detail, policies no one follows, vulnerability scans without remediation processes, pen tests excluding workstations,...
- Assessments Perception of Value in Security Consulting Projects
Clients can't evaluate specialized security work directly, so they estimate value by assessing effort—usually time. A skilled locksmith opening locks in seconds gets fewer tips than when...
- Communication Strong Communication Skills: 10 Tips for IT Professionals
Ten communication tips for IT professionals: frame conversations from the listener's perspective, avoid jargon, don't sound superior, switch to phone/in-person when email fails, let emotions cool...
- Social Engineering Deception Lessons for Information Security from World War II
WWII deception used ambiguity (uncertainty inhibiting intelligence assessments) and misleading approaches (building up wrong alternatives' attractiveness). Successful deception resembles jigsaw...