Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: awareness

The Password Dilemema: Improving the Mundane

– The weaknesses of passwords used for authentication and authorization are well known. In fact, many security experts feel that using a password as the only means of accomplishing these goals constitute “worst practices.” As a result, some higher risk entities (banks, governments, etc.) are…

How to Make Security a Presence in Your Organization

– Welcome once again to the risk rack. In this risk rack I will be discussing a way to bring some presence to your security awareness month. To the uninitiated, National Security Awareness Month occurs in October and is supported by the U.S. Department of Homeland Security. A security program is…

Does Security Awareness Work (pt. 2)? It all Depends on What You Mean by “Work”

– Several weeks ago this column printed an article entitled, “Does Security Awareness Work? Some Answers from Experimental Research.” The article presented results from three published experiments concerning the effectiveness of awareness programs. In the final paragraph of that piece, readers…

Does Security Awareness Work? Some Answers from Experimental Research

– Shortly before the 2004 Infosecurity Europe trade show was held in London, a small group of researchers gathered at a major rail station in that city and proceeded to approach the mass of morning commuters. The researchers offered a deal to each individual: If you tell me one of the passwords you…

Our End Users: The Weakest Link

– Hackers and professional criminals are like most people; they want to accomplish their goal in the easiest way possible. As we have become better at implementing technical controls, such as hardening servers, more aggressive patching, and deployment of a vast array of security devices /…