Loading ...
BlogInfoSec.com Sponsors
BlogInfoSec.com Partners
-
Recent Comments
- Jens on The Difference between Quantitative and Qualitative Risk Analysis and Why It Matters (Part 1)
- IT Security » Blog Archive » IT Sec Professionals–Will Automated Security Tools Affect Your Job Security? on So Why Do We Need Security Professionals, Anyway?
- Bouch on Who’s In Charge Here? The Problem of Information Security Governance
- SecurityExec on Who’s In Charge Here? The Problem of Information Security Governance
- dustin on Patent No. 7,124,197: ARP Poisoning Hack!
Tags
agility algorithms application security assessment awareness Awareness / Education awareness instruction awareness training bloginfosec Annoucements Books on InfoSec breach incidents Budgeting for Security business business continunity CIA triad CISO CISO savvy CISO skills COBIT Coding Securely / SDLC compliance Conferences / Events / Meetups contingency plans counterfeit counterfeit equipment data breaches data breach notification laws data classification digital signature disaster recovery education Encryption end-point security equipment Exploit Code / Malware facebook fake FBI featured FFIEC Forensics / Incidents FUD FUD Theater GLBA governance government Gramm-Leach-Bliley hackers hash HIPAA honeynet honeypot identity management identity theft IDM incident Industry Commentary Information security Interviews ISACA Jobs in Information Security Johnny Long KPMG law leadership Legal & Regulatory Issues malicious insider malware metrics nation states network News Commentary No Tech Hacking OWASP Patching PCI Penetration Testing perimeter Phishing Policies and Procedures Privacy Privacy Rights Clearinghouse Reverse Engineering risk Risk Analysis risk management ROI ROSI SB 1386 Security security awareness Security Breaches self-awareness Social Engineering soft skills Solutions / Workarounds SPAM spotlight successful behaviors Tools training Uncategorized Virtual Trust Viruses / Worms vulnerability assessment Vulnerability Commentary Vulnerability Disclosure Wireless Wireless Client Wireless Discussion Wireless Security Wireless Vulnerability Discussion
Category Archives: Human Elements
So Why Do We Need Security Professionals, Anyway?
September 3, 2008 – 6:00 am
–
So, why do we do what we do, and what if we couldn’t do it anymore? I have reinvented myself so many times over the years that anyone reading my curriculum vitae would imagine I was the victim of identity theft. Stints in the Teamsters, Longshoremen, and building unions have given me my…
Why Information Security Professionals Should Learn Texas Hold ‘em Poker
June 11, 2008 – 6:00 am
–
“Mathematics and psychology.” That’s poker (including Texas Hold ‘em) according to the legendary poker player Mike Caro. That could also describe the field of information security. In this column, while I’ll show some of the overlap between Texas Hold ‘em Poker…
Agility and Risk Compensation: Exploring the Connection
June 9, 2008 – 6:00 am
–
In my previous and inaugural column, I introduced the concept of a tradeoff between information security and agility, where agility was defined as “the capability to change with managed cost and speed.” Information security doesn’t necessarily have to be at odds with agility, but…
Bad Behavior - Thoughts on the Malicious Insider
May 30, 2008 – 6:00 am
–
Following every high-profile insider security breach, there is usually a slew of vendors who will triumphantly point out that, had they installed their product, the victim company would have avoided the whole painful problem. The adverse publicity, the implementation of new Draconian controls,…
The Password Dilemema: Improving the Mundane
May 27, 2008 – 6:00 am
–
The weaknesses of passwords used for authentication and authorization are well known. In fact, many security experts feel that using a password as the only means of accomplishing these goals constitute “worst practices.”
As a result, some higher risk entities (banks, governments, etc.) are…
