Security Design: Stop Trying to Fix the User by Bruce Schneier
We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly…
Information Security
Vishing is getting more sophisticated.…
Are Colleges Teaching Real-World Cyber Security Skills? by Adi Shua
SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioral and business context to identify threats and make decisions about how to respond to keep the organization safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of…
Why Your Security Policies Could Be Failing Your Business
For security policies to be followed, they must be known and enforced wherever possible and reasonable. If your users can’t follow your policies due to business process conflicts, or you can’t enforce the rules due to a lack of technology or another shortcoming you’re unwilling to mitigate, then you’re probably better off not having them at all.…
Joan Goodchild offers creative tips for companies looking to hire and develop information security talent.…