Month: December 2014

User education is a hot topic in information security. Through education we can empower our users to protect information in a environment that’s frequently challenging and where natural assumptions about behaviour don’t always hold true. I wonder though if it’s possible to take this too far. Not all responsibility for the insecurity of systems, even […]

For many if not most organisations information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn we can improve the process to better fit the requirements of the organisation but […]