Articles
Responsive Security in Action
4 min read
In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees' awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks to gain access to a user's system before launching further attacks at internal targets. As such, if employees are vigilant against such attack patterns, we should effectively reduce the risk of successful APT attacks involving email phishing.
Getting More Responsive Security by Learning From Disaster Responses
5 min read
Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, […]
Issues and Dilemmas in Information Security Practices
5 min read
Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment. One of the challenges information security management teams […]
A Circular Problem in Current Information Security Principles
5 min read
Editor’s Note: In this second installment of the blog series on more responsive security, we take a closer look at the circular problems associated with four common security principles in managing “weak link” risks in Information Technology organizations. Before discussing what constitutes this responsive approach to security, let us first look at a few of […]
Understanding and Addressing the Challenges of Managing Information Security – A More Responsive Approach
2 min read
Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment. Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is […]