August 4, 2014 14 antivirus apps found to have security problems http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die Let us pass over the “All A are B” illogic in this and consider what we’ve known all along. AV doesn’t really work;…
October 2, 2012 An “11th Domain” book. http://www.infosectoday.com/Articles/Persuasive_Security_Awareness_Program.htm Gary Hinson makes the point here that Rebecca Herrold makes elsewhere: Awareness training is important. I go slightly further and think that a…
September 14, 2012 Learning to Counter Threats – Skills or Ethics? Fellow CISSP Cragin Shelton made this very pertinent observation and gave me permission to quote him. The long thread about the appropriateness of learning…
March 23, 2012 Social Engineering and sufficency of awareness training Someone asked: If you have a good information security awareness amongst the employees then it should not a problem what kind of attempts are…
January 25, 2010 Text vs HTML: what is more secure? There are “good” mailing lists and “not so good” mailing lists from the point of view of security. Try posting HTML mail to a…
December 27, 2009 Throwing in the towel I was saddened to hear of an InfoSec colleague who met with overwhelming frustration at work: After two years of dealing with such nonsense,…
