Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: education

CISSP-squared: Passing the Exam a Decade Later

– In February 2003 I took and passed the CISSP exam. As much as the CISSP is the current industry gold standard (as a colleague of mine recently reminded me), it had even more prestige in 2003. Worldwide there were fewer than 45,000 certification holders in 2003 and it was the hallmark of excellence.…

Top 5 Things CISOs Should Do During This Bad Economy?

– Whenever my personal budget is down and I am concerned about tightening my belt I seem to always turn to fixing things in my home. While my wife would prefer that our household budget always be up rather than down, she seems happy when I suddenly begin completing half-done projects around the…

How to Make Security a Presence in Your Organization

– Welcome once again to the risk rack. In this risk rack I will be discussing a way to bring some presence to your security awareness month. To the uninitiated, National Security Awareness Month occurs in October and is supported by the U.S. Department of Homeland Security. A security program is…

Does Security Awareness Work (pt. 2)? It all Depends on What You Mean by “Work”

– Several weeks ago this column printed an article entitled, “Does Security Awareness Work? Some Answers from Experimental Research.” The article presented results from three published experiments concerning the effectiveness of awareness programs. In the final paragraph of that piece, readers…

Does Security Awareness Work? Some Answers from Experimental Research

– Shortly before the 2004 Infosecurity Europe trade show was held in London, a small group of researchers gathered at a major rail station in that city and proceeded to approach the mass of morning commuters. The researchers offered a deal to each individual: If you tell me one of the passwords you…