Security risks in our organisation are usually risks we want to treat. To achieve this, security professionals turn to implementing so-called controls. This is a word loaded with promise. Of course we want control, especially with the growing amount of cyber uncertainty. But do the techniques we use for controlling risk necessarily result in actual control?
Anyone can relate to an e-mail they got, that seemed a bit suspicious. Or to seeing a Facebook campaign that seemed too good to be true. Security is not something special that matters only for a few people. According to a recent online survey of American adults, 39% said they would sacrifice sex for one year if it meant they never had to worry about being hacked.