Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Is Risk Avoidance the Key?

– My answer to this question is a resounding “yes.” But I don’t think that is the general view of cybersecurity professionals. After all, if business, government and other organizations pursued such a course, what would remain for cybersecurity folks to do? If you avoid the risk, then you…

Security Metrics, Recency Bias and Availability Heuristics

– I “recently” came across an article by Tom Chatfield with the title “The Trouble with Big Data? It’s Called The ‘Recency Bias,’” which is available at http://www.bbc.com/future/story/20160605-the-trouble-with-big-data-its-called-the-recency-bias The article was published on June 5,…

Algorithms and Risk Profiling

– I had begun this column a couple of months ago, but was diverted to other topics. What brought me back to the subject was a column by Sheelah Kolhatkar with the title “Higher Mathematics – Algorithm Blues” in “The Talk of the Town” section of The New Yorker of October 10, 2016. The…

Team Communications—Same Tune, Different Song

– There’s an interesting article in the September 2016 issue of the Communications of the ACM by Kate Matsudaira with the title “Bad Software Architecture Is a People Problem: When people don’t work well together they make bad decisions.” The article essentially describes many issues with…

Ron Ross and a “New” Approach to Cybersecurity

– No sooner had I finished my latest “Are We Secure?” piece than I read an August 23, 2016 article on Fedscoop by Shaun Waterman with the title “New Approach Needed to IT, Says NIST’s Top Cyber Scientist,” which you can find at…