Kaspersky Lab announces a brand-new OS focused on security

The past two years or so have brought a new breed of scary malware to the forefront of public attention, including the infamous Stuxnet worm that was discovered back in 2010.

Following hard on Stuxnet's proverbial heels, of course, were Duqu, Flame, Gauss, Shamoon, and Wiper, to name just a few examples.

These new threats are generally thought to be state-sponsored in many cases and developed for cyberespionage against specific targets; another factor in common is that they tend to work through Microsoft Windows.

It's long been known that Linux offers numerous security advantages over both Windows and Macs, of course, but security research firm Kaspersky Lab--which played a key role in identifying many of these frightening pieces of malware--apparently has other ideas.

Specifically, the company announced on Tuesday that it's developing--from scratch--a brand-new, security-focused operating system of its own.

'Relegated to second place'

“We’re developing a secure operating system for protecting key information systems (industrial control systems (ICS)) used in industry/infrastructure,” wrote Eugene Kaspersky, chairman and CEO of Kaspersky Lab, in a blog post on Tuesday.

Whereas typical corporate settings tend to place a high priority on security and the confidentiality of data, Kaspersky explained, industrial settings such as nuclear power stations and transportation control facilities tend to have a different focus.

Namely, “the highest priority for them is maintaining constant operation come hell or high water,” he wrote. “Uninterrupted continuity of production is of paramount importance at any industrial object in the world; security is relegated to second place.”

Software updates also tend to be skipped in such settings for similar reasons, Kaspersky added.

Written from scratch

In an ideal world, all ICS software would be rewritten to reflect today's new breed of malware and to incorporate all the latest security technologies available, Kaspersky pointed out. Of course, even with the vast cost and effort required, such a solution “would still not guarantee sufficiently stable operation of systems,” he added.

Accordingly, Kaspersky's goal is to build a secure operating system onto which ICS can be installed “and which could be built into the existing infrastructure–controlling 'healthy' existing systems and guaranteeing the receipt of reliable data reports on the systems’ operation.”

Kaspersky's new OS will be narrowly focused, he noted, as well as unable to execute any third-party code. It will not be based on any existing code, but rather will be written entirely from scratch.

Few other specifics were offered in his description, and Kaspersky noted that security through obscurity--keeping at least some of the details secret--is part of the company's long-term plan.

An ambitious plan

It is, of course, difficult to assess such a plan before anything is revealed and on the basis of so few specifics.

Still, given the growing number of corporations and governments embracing Linux for its superior security--the U.S. Department of Defense, the U.S. Navy, and the U.S. Air Force being just a few recent examples--it's a little difficult to imagine that a single organization, with a necessarily limited set of resources, could surpass the efforts of the global community of Linux developers who have created the hugely successful open source operating system.

In any case, even for those of us who don't work with industrial control systems, it seems to me the message here is pretty clear: If you need full security, you need something other than Windows.

No comments

Posted at 06:58 |  by Unknown

5 Components of a Social Media Governance Model

Even as social media presents unprecedented business opportunities for marketing, customer service, brand building and consumer relationships, many organizations are still struggling to embrace it for fear that it negatively effects worker productivity or puts the company at risk. A 2011 survey by Society for Human Resource Management reveals that 43% of businesses block access to social media on company-owned computers or handheld devices.

Rather than policing employees, these organizations would be better served by a social media governance model -- a collection of policies, procedures and educational resources that allow you to manage social media internally. A sound social media governance model empowers your employees while keeping them accountable. It allows you to quickly recover from a blow to your brand, or even sidestep it completely. It helps you keep your social initiatives on track and aligned with your business’ strategic goals.

While many of the elements of a social media governance model will vary across industries and organizations, here are five fundamental components that should be part of any plan.

Social Media Policy

A social media policy is the foundation of any social media governance model. Its purpose is twofold: to guide your employees and to protect your organization and your customers from risk. You should have a social media policy regardless of whether or not your business is actively engaged in a social media strategy. Facebook is on target to hit one billion users this year, and Twitter will soon have 500 million. Many of them are your employees, customers and competitors.

At a bare minimum your social media policy should include specific guidelines for each of the top three platforms: Facebook, Twitter and Linkedin. But though social media has become synonymous with that trio of powerhouses, the landscape is vast, encompassing blogs, wikis, podcasts, video sharing, microblogging, community forums and other tools. While it’s not necessary to develop a set of best practices for each of them, you should have a clear and consistent set of expectations that covers all your organization’s primary social channels.

Training

Earlier this year the Richmond Police Department found itself at the center of a controversy when one of its officers Tweeted threats of violence against members of the Anonymous hacking group in response to an attack on an Ultimate Fighting Championship website. The resulting flood of angry comments from the public prompted the Richmond P.D. to temporarily to disable comments on its Facebook page and ultimately led to an investigation of the officer.

This incident underscores a reality of the social media era: Every employee is a PR person, and it only takes one rogue Tweet or Facebook post to unravel your brand image. This makes training an essential part of any governance model. Without the proper resources to educate employees how to represent your organization on the social web, your social media policy is useless.

Monitoring

Nokia recently installed a Mission Control style social media monitoring station of six LCD screens in the lobby of its headquarters so that any employee can see in real time online conversations around the brand. This ambitious move underscores the importance of gathering and sharing information from the social web to help shape your strategies.

Your brand is likely being discussed on the social web whether you’re engaged in the conversation or not. It’s imperative you tune in to the chatter. Twitter and Google alerts offer simple ways to search for the names of your brand, your employees and your competitors. Social Media Monitoring tools like Radian 6, Sysomos and HootSuite offer more robust tools for acquiring, analyzing and acting on intelligence. Regardless of the tool you use, monitoring is a must for everything from shaping consumer sentiment about your brand to heading off a potential PR crisis.

Crisis Management Plan

In 2009, Toyota launched the largest recall in the company’s history in response to hundreds of reported cases of sticking accelerator pedals. The problem was caused by the pedal getting caught in the floor mat, making affected vehicles speed up uncontrollably, and it was linked to at least 50 reported fatalities. Rumors and panic spread across the web, and suddenly the brand, a model of automotive safety for decades, was embroiled in a digital disaster with little foundation in social media with which to combat it.

A PR crisis doesn’t have to be as dramatic as Toyota’s to be damaging. The Toyota recall illustrates a common thread that runs through all PR crises: a slow response from the organization exacerbates the crisis. At its basic level, your crisis management plan should outline how to use your social media channels to deliver a quick and appropriate response.

Toyota eventually turned to social media to repair its image, but its effort would have no doubt been more effective if it could have been leveraged to diffuse the controversy before it spiraled out of control.

Frequent Updates

A social governance model isn’t something to be stuck in a binder and shelved -- it’s a living system. The social media landscape is evolving at lightning speed, and your policies and best practices should evolve right along with it. Designate a social media governance team and a frequency for re-evaluating all elements of your governance model to assure it's never outdated.

No comments

Posted at 05:58 |  by Unknown

Build beautiful slide decks on your iPad with Haiku Deck

 

You're on the train to work. Inspiration strikes. You've just figured out how to double market share and save the company. Now you just have to sell the idea to the team.

Sure, you could pull out your laptop, wait for it to boot, run PowerPoint, and start the slow, laborious process of building a killer presentation.

Or you could pull out your iPad, run Haiku Deck, and start the fast, fun process of building a killer presentation -- and finish it before the train reaches your stop.


You're on the train to work. Inspiration strikes. You've just figured out how to double market share and save the company. Now you just have to sell the idea to the team.

Sure, you could pull out your laptop, wait for it to boot, run PowerPoint, and start the slow, laborious process of building a killer presentation.

Or you could pull out your iPad, run Haiku Deck, and start the fast, fun process of building a killer presentation -- and finish it before the train reaches your stop.


This is not hyperbole: Haiku Deck is one of the coolest slide-makers I've ever tried, in part because it's incredibly easy to use, and in part because it's smart.

As you probably know, half the battle in crafting a nice-looking slide is finding appropriate artwork to go with it. Haiku Deck lets you add your own, of course, but it also searches millions of free (i.e. Creative Commons-licensed) images based on the words you've chosen for that slide.

So, for example, if you enter words like "sales" and "money," you'll quickly get a list of thumbnails that match. Tap one you like and presto: You've got the perfect background for your slide.

You can also opt for a solid background color or insert your choice of bar, pie, or numeric charts, with manually entered labels and numbers.

Ultimately, Haiku Deck is all about whipping together attractive slides, and it's great for that. When you're done, you can share your deck via Facebook, Twitter, or e-mail, or get embed code for use with your blog or Web site. You even have the option of exporting your presentation for further tweaking in, say, PowerPoint or Keynote. Here's a sample, one that introduces Haiku Deck itself:

Created with Haiku Deck, the free presentation app for iPad

However, the app is definitely somewhat limited. It doesn't support sound, transitions, or animations. You can't manually place your text, and I couldn't figure out a way to change the background color for charts. In fact, trying to make any major slide changes often caused me to lose the work I'd already done. There's no "save" option as such.

That said, once you figure out Haiku Deck's mechanics (it took me all of about 10 minutes to fully learn the app), you'll find it a great tool for building short, simple, attractive slide decks on the run. And you can't beat the price: it's free. (There are additional themes you can buy, but I think most users will find the free ones sufficient.Haiku Deck helps you build slick slides like this one.

This is not hyperbole: Haiku Deck is one of the coolest slide-makers I've ever tried, in part because it's incredibly easy to use, and in part because it's smart.

As you probably know, half the battle in crafting a nice-looking slide is finding appropriate artwork to go with it. Haiku Deck lets you add your own, of course, but it also searches millions of free (i.e. Creative Commons-licensed) images based on the words you've chosen for that slide.

So, for example, if you enter words like "sales" and "money," you'll quickly get a list of thumbnails that match. Tap one you like and presto: You've got the perfect background for your slide.

You can also opt for a solid background color or insert your choice of bar, pie, or numeric charts, with manually entered labels and numbers.

Ultimately, Haiku Deck is all about whipping together attractive slides, and it's great for that. When you're done, you can share your deck via Facebook, Twitter, or e-mail, or get embed code for use with your blog or Web site. You even have the option of exporting your presentation for further tweaking in, say, PowerPoint or Keynote. Here's a sample, one that introduces Haiku Deck itself:

Created with Haiku Deck, the free presentation app for iPad

However, the app is definitely somewhat limited. It doesn't support sound, transitions, or animations. You can't manually place your text, and I couldn't figure out a way to change the background color for charts. In fact, trying to make any major slide changes often caused me to lose the work I'd already done. There's no "save" option as such.

That said, once you figure out Haiku Deck's mechanics (it took me all of about 10 minutes to fully learn the app), you'll find it a great tool for building short, simple, attractive slide decks on the run. And you can't beat the price: it's free. (There are additional themes you can buy, but I think most users will find the free ones sufficient.

No comments

Posted at 05:08 |  by Unknown

Do Klout Perks carry any real-world weight?

You may be more than the sum of your parts, but to Klout, you're just a number. The analytics company monitors your interactions on Twitter, Facebook, LinkedIn and beyond. It then sorts through the data to generate a numeric score that purportedly "measures a person’s overall online influence" on a scale from 1 to 100.

A tweak to Klout's algorithm in August was designed to improve accuracy, pulling in more variables and identifying "real world reach" with factors as Wikipedia mentions.

That number's accuracy is critical for more than online bragging rights. Companies pay Klout to offer Klout Perks—"products or experiences" to encourage high-scoring users to spread the word about their brand. For example, American Express gave $25 gift cards to encourage Klout "influencers" to shop during its Small Business Saturday event last November.

But do Klout scores generate enough ROI to warrant your small business's attention? Are Klout Perk campaigns worth the effort?

Murky numbers confuse things

Unfortunately, Klout is notorious for its tight-lipped nature. To celebrate the second anniversary of Klout Perks, though, Klout claimed in a blog post that it had delivered 700,000 perks in 350 separate campaigns over two years, with 300 different brands--including big leaguers like Coke, Disney, Microsoft and American Express.

That sounds impressive. However, 350 campaigns over two years averages out to just one campaign every two to three days. And if those 350 campaigns came from 300 brands, then a lot of companies aren't double-dipping into Klout Perks. Does that mean the ROI is low?

Individual campaigns show varying value  

A sample Klout score

Chevy, however, has used Klout Perks three times. Its second campaign enabled 130 Klout users in five U.S. cities to take a Chevy Sonic for a ride. The results, according to Media Post: 16,000 positive social media comments and a handful of homebrew videos--yet only a single confirmed sale. Chevy's Klout Perks campaigns are highly targeted affairs, however, singling out users from specific niches and cities. Is that the right approach to a Klout Perk campaign? At least one social media director says no.

Morgan Brown ran two Klout Perks campaigns for event ticket-seller ScoreBig.com; one offered 155 users with high scores in L.A. $100 in freebies and a $10 credit to referred friends. A second campaign blasted out free, early access to the site along with $25 off of any purchase to 10,000 people in New York, regardless of their Klout score. The first campaign didn't generate much additional interest; aside from the 79 users who claimed the $100 perk, the company only gained 173 users from referrals. Additionally, the cost per user was astronomical given the size of the perk.

The second campaign and its shotgun-style approach, meanwhile, generated 40 times as many social shares as the first, creating three times as many impressions and reaching nearly five times as many people. Since the perks were modest, the cost to acquire new members was far smaller, and well within company goals.

Are Klout Perks worth the time, money, and effort?

It depends what you're after. Targeted Klout Perk campaigns that single out high-profile influencers may be able to kick up a lot of social return on impressions, but probably offer little real-world return on investment. Klout's new algorithm could help, but I doubt it would make a major difference.


On the other hand, a shotgun-style approach that targets as many people as possible with less stratospheric perks may just pay off—if you plan it well and leave the bar to entry low.

In the end, it all depends on execution and costs, but Klout keeps its Perk campaign fees close to its chest. That's another area where Morgan Brown's post comes in handy; rumors often cite a $25,000 starting cost for a Klout campaign, but Morgan Brown's two only cost $5,000 apiece, plus Perk expenses.

No comments

Posted at 04:16 |  by Unknown

Passwords aren’t dying any time soon. Here's how to manage them effectively.

It’s tough to keep track of all of your passwords. In spite of advances in biometrics, and increased attention on the value of two-factor authentication, passwords remain the primary means of digital security. They're also one of the weakest links in the security chain. If we can’t get rid of passwords, we need a better way to manage them.

Remember when passwords were going to die out? Bill Gates told an audience, "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

That was in early 2004. Nearly a decade later we still rely heavily on passwords, and passwords still suffer from all of the same weaknesses Gates described.

I used to be guilty of recycling the same password across virtually every account as well. The sites and services I use broke me of the habit because the password policies are so different from one to the next that it became very difficult to even find a password that meets the requirements of all of them.

Fair enough. It’s a horrible policy anyway. Security best practice suggests you should use different passwords for different sites. Just as you don’t use the same key for your front door, car, bike lock, and safety deposit box, you don’t want to have the same password “unlock” all of your information. If one site or service is compromised and an attacker gets access to your password, you don’t want it to be a universal key to your entire online identity.

                                                          Passwords are literally the keys to your online world.

Apple recently unveiled details of the new Mac OS X, “Mavericks.” It is available only to developers right now, but one of the features Apple is adding is designed to help you choose more secure passwords, and manage them effectively without writing it on a sticky note pasted on the front of your monitor.

iCloud Keychain basically takes the password storage and management features of the existing Keychain feature and moves them to iCloud, where they can be accessed by and synced across iOS devices as well. The Mac OS X system running “Mavericks,” and any iOS devices with the upcoming iOS 7 will be able to auto-fill complex passwords from the iCloud Keychain.

That’s awesome for users who live and die by the Apple ecosystem, but it won’t work for someone using a Windows PC with an iPhone, or someone using a MacBook Pro with an Android smartphone—at least not yet. It’s a good solution, but an Apple-centric one.

PasswordBox is a new service that functions much like iCloud Keychain, except that it works cross-platform. PasswordBox is available on Mac OS X and Windows, and it’s available for iPhone, iPad, and Android mobile devices.

Like iCloud Keychain, PasswordBox stores passwords in the cloud using strong encryption to protect them from unauthorized access. When you need to log in, PasswordBox automatically retrieves the appropriate credentials. PasswordBox is free (for managing up to 25 passwords) and provides tools that let you share your credentials with family or friends—should they need the information if something happens to you—without directly revealing your passwords.

There are other services out there like 1Password, and LastPass that let you manage secure passwords more effectively. There is some concern about storing the keys to your digital life in the cloud—but it’s probably more secure than writing it down on a piece of paper and shoving it in your desk drawer, and it gives you access to your passwords any time and anywhere, from just about any device.

Make sure you choose secure ones, and find a tool that lets you remember and use them more easily.

No comments

Posted at 03:35 |  by Unknown

Speek eases conference calling hassles for Windows Phone

If that headline sounds familiar, it's because I wrote a similar one back in January about Speek for iOS. It's an app that brings conference-call creation and management to your smartphone.

At that time, I'm sure at least some folks were hoping for a Windows Phone version. Hope no more, because Speek is now available for Windows Phone 8.

Like its iOS predecessor, Speek for Windows Phone lets you set up conference calls right on your handset, using a highly visual motif. Each person is represented by their thumbnail photo from your address list, this giving you the chance to "see" everyone on the call.

Because I don't have a Windows Phone handset on which to test-drive the app, I'm making a few assumptions about it relative to the iOS version. The latter, for example, lets you set up an account right on the phone. This consists in part of a custom username that doubles as your unique URL, like Speek.com/WidgetCo.

From there you can set up call right away, inviting contacts via text or e-mail, or create a future call (here known as an event).

Whether the call happens now or later, participants either click the provided link or respond to the SMS invite. Speek dials their number, and presto, the person who answers is immediately on the call. At your end, you merely tap Start A Call, wait for your phone to ring, then return to the app.

Once the call is live, you can see the aforementioned thumbnail view of who's connected and even who's talking. You can also add callers on the fly, though it's not clear if the Windows Phone version lets you share images from your photo library. But it does let you make comments, mute individual talkers, and even remove participants if the need arises.

When the call is over, Speek immediately emails you a call history outlining who was on the call, how long it lasted, and any materials shared.

My complaint with the iOS version, which no doubt holds true here as well, was that those you invite via text have to manually enter (or at least copy and paste) the Speek phone number and your room name (like the aforementioned "WidgetCo").

No comments

Posted at 02:16 |  by Unknown

Location-Based Social Media Marketing for Small Businesses

Location, location, location: it's vital in property sales (and late-night comedy monologues). And if you play your cards right, location-based social media services can help you spread awareness of your business and drive customers to your door.

The check-in feature at Facebook exemplifies location-based social media use at its simplest. When you check in on Facebook, you're just telling your Facebook Friends "Here I am!" Google+ and Yelp up the ante by encouraging users to leave reviews.

Other social networks are completely built around location-based services. They turn the process of checking in at various locations into a real-world game, complete with points, achievement badges, leaderboards, and the ability to win rewards and discounts at participating locations. Foursquare's Swarm specials work best when big events are occurring nearby.

Foursquare's Swarm specials work best when big events are occurring nearby.

The biggest practitioner+ of gamified check-ins is Foursquare, but it has plenty of company. Scvngr, for example, puts a twist on the concept by asking users not only to visit specific places, but also to complete specific challenges.

When someone completes a task or checks into a location-based social network, the social network pushes that achievement to the person's friends and to anyone nearby. Gamified networks typically give users the option to post updates to Facebook as well, further extending the reach of the notification.

The Good News

Creating a location-based marketing campaign on a social network can cost next to nothing. You don't have to spend big bucks engaging a high-priced ad agency to develop a sophisticated advertising campaign. Setting up a check-in location or reward criteria on Foursquare or Scvngr is free, aside from the time and effort involved in getting it done. Once you've set up a location-based social offer, you don't need to do much to maintain it; the point is to have your customers spread the word and do the work for you.

The Bad News 

Groups of people can check in on Facebook, but providing an incentive for them to do so is up to you.Unfortunately, if your customers don't do the work for you, your location-based advertising campaign will fall flat on its face. Most businesses entice players into checking in by offering discounts or freebies (typically either buy one, get one free or buy one, get the second at a reduced price). This type of offer obviously takes money out of your pocket, but the increased sales volume might produce enough in profit to justify the expense.

But concrete numbers proving the effectiveness of actual location-based social network activities are hard to come by. For whatever reason, few businesses are willing to reveal how much business Foursquare and Facebook check-ins are driving to their door. The cost-to-benefit metrics aren't cut-and-dried, either.

Paul Ross, a vice president at analytics software provider Alteryx, told ReadWriteWeb that most businesses see only a 1 percent to 2 percent increase in sales for every 1000 Foursquare check-ins—but anecdotal evidence tells a different tale. HubSpot writes about a burger restaurant owner who used Foursquare specials to entice 161 users to his restaurant at once during a recent SXSW conference, and the owner of the Strange Brew Coffee House told the New York Times that his year-over-year business grew by 34 percent after investing in location-based social media marketing, at no additional cost aside from the 10 percent single-drink discount that owner Shane Reed offers to customers who check in.

Location-Based Social Marketing Campaign Ideas

Here are some marketing tactics you might use to attract social-network-connected customers to your business:

Give customers who simply check-in a small discount or a small reward—say, 5 to 10 percent off the regular price of a particular item. Consider offering a slightly larger reward to customers who leave a recommendation for your business on the network. Foursquare, Google+, Scvngr, and Yelp all encourage users to leave reviews after checking in at a location.

Offer bigger discounts when a large group of people checks in together. For example, you could take 15 percent off the restaurant tab when a group of five or more check in on a social network, or 1 percent off the bill for every person in a group of ten or more. You could also give everyone in the group a free nonalcoholic drink.

Offer specials for nearby wanderers. Some location-based social networks, such as Foursquare, let you create specials that appear only when someone checks in at a location nearby. You'll need to give something away—typically a discount or a buy-one/get-one-free deal—to entice foot traffic, but the offer could spark sales that you might have otherwise missed.

Create Scvngr challenges designed to stimulate sales. This works best for entertainment venues and restaurants, but it works for all types of organizations. If you're a restaurant owner with a big burger challenge, for example, you could issue a challenge on a social network and award discounts to diners who eat the entire meal in one sitting. Scvngr also lets you reward people who earn a certain number of points by doing specific things at a location. Get creative!

Not every reward needs to revolve around money. Rather than offering a discount, you could reserve choice parking spaces or prime tables for users who check in. Other possibilities include letting them skip lines, sample new products, or order from a special "check-in only" menu.

Promote your check-in specials through more-mainstream social media channels, such as Twitter and Facebook, to generate more awareness.

Foursquare lets business owners create specials that emphasize group check-ins and customer loyalty.Foursquare has lots of customization options based on specific user criteria. The Friends and Swarm special options are intriguing, because they encourage several customers to check in simultaneously or over a relatively brief period of time. The network also offers a bevy of loyalty specials based on how many times a person has checked in at a particular location.

You can offer specials to first-time buyers, to people who have checked in a certain number of times, or to whoever becomes the "Mayor" of your business. In Foursquare parlance, the Mayor of a location is the person who has checked in there the most often in the previous 60 days. Showering your Mayors with bigger discounts is a great way to encourage other folks to come in more often in an effort to snag the top spot.

Has your business used location-based social networks to its advantage? How did it go? Was it cost effective, or did it wind up being a headache? Please share your experiences in the comments!

No comments

Posted at 02:06 |  by Unknown

The art and science of risk management

Computers, networks, and information security seem to fall comfortably under the heading of science, but science alone is not enough. Security system developer Tripwire recently conducted a survey in cooperation with the Ponemon Institute to find out whether IT professionals consider risk management to be “science” or “art."

Ponemon surveyed 1,320 respondents across the United States and the United Kingdom: IT professionals working in information security, risk management, IT operations, business operations, and compliance. Participants were asked, “In your opinion, is information security risk management an ‘art’ or ‘science’?” Tripwire commissioned the Ponemon Institute to
conduct a risk management survey.

Ponemon defined the two concepts for the purposes of the survey. “Science” means basing decisions on objective, quantifiable metrics and data. “Art” refers to analysis and decisions that are based on intuition, expertise, and a holistic view of the organization.

Two-thirds of those from IT and enterprise risk management or business operations sided with “art,” while nearly two-thirds of the respondents who work in IT security and IT operations chose “science.”

Tripwire CTO Dwayne Melancon weighed in with some thoughts on the results. His take is that those who work in business operations and risk management generally don’t believe a precise answer is necessary in order to make a decision, so they favor art. Those who work in IT operations and security, on the other hand, view the world of risk management as a math problem with a specific answer, so they see it as a “science”.

Melancon explains that the disparity between art and science is the crux of the problem when it comes to managing risk effectively. “People with these viewpoints are talking about the same thing, but they are using very different language, which can make it difficult to come to a mutually agreed point of view.”

The simple reality is that risk management is both an art and a science. Computers are precision instruments that operate purely on ones and zeros. Computers—how they work, how they can be attacked, and how you manage risk and protect them—are devices that function based on science. But there is also a human factor—both in terms of the attackers and the victims—that adds an element of unpredictability, mixing intuition and art with the science.

Attackers are adept at exploiting the human factor to bypass security controls. Effective risk management depends on having the right tools in place—the science—while also having the big picture in mind, and understanding that the user is generally the weakest link in the security chain—the art.

No comments

Posted at 01:41 |  by Unknown