When Security Controls Give Less Control

Security risks in our organisation are usually risks we want to treat. To achieve this, security professionals turn to implementing so-called controls. This is a word loaded with promise. Of course we want control, especially with the growing amount of cyber uncertainty. But do the techniques we use for controlling risk necessarily result in actual control?

Competent people are needed to reap the benefits of technical controls.

Continue reading “When Security Controls Give Less Control”

Nobody Is Really Against Security

Anyone can relate to an e-mail they got, that seemed a bit suspicious. Or to seeing a Facebook campaign that seemed too good to be true. Security is not something special that matters only for a few people. According to a recent online survey of American adults, 39% said they would sacrifice sex for one year if it meant they never had to worry about being hacked.

A general risk analysis would usually put people “up there”, in terms of damage potential and probability for incidents.

Continue reading “Nobody Is Really Against Security”