Access "Bruce Schenier, Marcus Ranum debate risk management"
This article is part of the October 2008 issue of Security 7 Award winners sound off on key information security issues
Does risk management make sense? Security Experts Bruce Schneier & Marcus Ranum Offer Their Opposing Points of View POINT by Bruce Schneier We engage in risk management all the time, but it only makes sense if we do it right. "Risk management" is just a fancy term for the cost-benefit tradeoff associated with any security decision. It's what we do when we react to fear, or try to make ourselves feel secure. It's the fight-or-flight reflex that evolved in primitive fish and remains in all vertebrates. It's instinctual, intuitive and fundamental to life, and one of the brain's primary functions. Some have hypothesized that humans have a "risk thermostat" that tries to maintain some optimal risk level. It explains why we drive our motorcycles faster when we wear a helmet, or are more likely to take up smoking during wartime. It's our natural risk management in action. The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in the East African highlands in 100,000 BC, and not to ... Access >>>
Premium Content for Free.
Embedded smart card chips are open to hack attacks
Using power analysis attacks, including Simple Power Analysis, hackers can attack the embedded microchips inside smart cards.
Product Review: Application Security Inc.'s AppDetectivePro
Application Security Inc.'s AppDetectivePro does deep inspections of database configurations to identify security issues. It's ideal for internal and external auditors, security professionals, consultants and others who need to perform on-the-fly database vulnerability assessments.
Learn how to choose NAC services
Figure out the right questions to ask your network access control (NAC) service provider or vendor.
Encryption no longer an optional technology
Unravel the ins and outs of how your organization should deploy encryption.
- Embedded smart card chips are open to hack attacks
Security 7 Award winners tackle important information security issues
The 2008 Security 7 Award winners have their say on information sharing, perimeter security, relationships, convergence, strategy, history and progress.
Product Review: Finjan Vital Security NG-5000
Finjan's Finjan Vital Security NG-5000's Web filtering engines provide strong detection of Web-based security threats.
LogRhythm product review
LogRhythm is a cross-platform log management that manages audit files and IT security management processes.
Product Review: Cymphonix's Network Composer
Cymphonix's Network Composer is a security and visibility appliance that controls and monitorstraffic passing through the network perimeter to the Internet.
- Security 7 Award winners tackle important information security issues
Bruce Schenier, Marcus Ranum debate risk management
Experts Bruce Schneier and Marcus Ranum debate whether risk management is an appropriate strategic direction for information security professionals to follow.
Combat social engineering the 'Carnegie' way
Dale Carnegie's "How to Win Friends and Influence People" can be a valuable tool for CISOs who are up against social engineering issues.
Interview: Chris Nickerson of TruTV's 'Tiger Team'
Chris Nickerson of Lares Consulting explains best practices for penetration tests and the risks of outsourcing.
Information security professionals have their say
Information Security magazine's Security 7 Award winners write personal essays on topics ranging from perimeter security, information sharing, physical and logical security convergence and progress made in the industry.
- Bruce Schenier, Marcus Ranum debate risk management
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...