Just how much of the computer security industry revolves around Microsoft? Not Bad for a Cubicle points to this somewhat informal analysis of how the security industry basically drops everything immediately prior to and on “patch Tuesdays.”
- Posted in Network Security
We’ve had a few different posts suggesting that the focus some people have on “ROI” in security is mistaken, but ROI is just one number of many in the ever growing list of “metrics” that people often like to look at. There’s been a great debate in the blogosphere lately about how valuable (or not) [...]
- Posted in Uncategorized
Two separate blog posts do a very different, but very good, job of reminding us that “awareness” is a key element to any security risk management strategy. RiskAnalys.is has a great post pointing out the differences between vulnerability management and real risk management that highlights that any strategy that doesn’t include end user awareness just [...]
- Posted in Uncategorized
Microsoft’s Jim Allchin made some waves recently when he said that he’s so confident in Vista’s built-in security features that his seven-year-old son’s PC running it doesn’t have anti-virus software. The comment turned into “Allchin says Vista doesn’t need AV software” in the media, and Allchin posted a response on his own blog, clarifying his [...]
- Posted in CSO / Risk Management
It may be an old cliche that you have to expect the unexpected, but that doesn’t make it any less true. Any plan that involves identifying and protecting against a finite set of threats will fail against a threat that’s never been seen before. Remember the bombing at the PayPal offices that we recently discussed? [...]
- Posted in CSO / Risk Management
A new study of federal government IT officials has found that it’s those darn telecommuters keeping them up at night. Once someone is outside the physical limits of a building or set of buildings, it brings on a whole new set of challenges, whether they’re connecting via a laptop or another device. Being on the [...]
- Posted in Uncategorized
The market for mobile email continues to grow: last week’s purchase of Good Technology by Motorola is indicative of the interest in the space from the industry’s major players, and how they’re aiming to knock the BlackBerry off its perch. There are a number of vendors gunning for RIM, and the vast majority of them [...]
- Posted in Uncategorized
As is sometimes said when discussing security, your computer might be safe from hackers, but it probably can’t withstand a grenade being dropped on it. The line is meant to highlight the very true fact that there’s no such thing as absolutely perfect security. It also is a reminder that there’s a physical side to [...]
- Posted in Uncategorized
Bruce Schneier has another excellent post on real vs. perceived risk, pulling from an LA Times op ed that talks about how we over-react to some risks and under-react to others. Four criteria are listed out:
We over-react to intentional actions, and under-react to accidents, abstract events, and natural phenomena.
We over-react to things that offend our [...]
- Posted in CSO / Risk Management
There’s a fascinating debate going on in the security blog world taking on that old favorite “security by obscurity,” but moving it out of the computer security world into a security world that’s been around a little bit longer: traditional locks and lockpicking techniques. It was kicked off by an article in the Wall Street [...]
- Posted in CSO / Risk Management