Browsing Tag

Information Security

General

Stop Trying to Fix the User

Security Design: Stop Trying to Fix the User by Bruce Schneier We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without­ -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly…

Continue Reading

General

Cyber Range

Are Colleges Teaching Real-World Cyber Security Skills? by Adi Shua SOC analysts must have a large amount of formal knowledge and the analytic abilities to derive actionable insights from the data collected by the company’s various security tools. Moreover, the analyst is expected to use human behavioral and business context to identify threats and make decisions about how to respond to keep the organization safe. However, most junior security staff enter the cybersecurity job market with only theoretical knowledge of…

Continue Reading

General

Security Policy Security Failure

Why Your Security Policies Could Be Failing Your Business For security policies to be followed, they must be known and enforced wherever possible and reasonable. If your users can’t follow your policies due to business process conflicts, or you can’t enforce the rules due to a lack of technology or another shortcoming you’re unwilling to mitigate, then you’re probably better off not having them at all.…

Continue Reading