Recommended books for (budding) risk professionals

Risk related books are a dime a dozen nowadays. Many are rehashing the stuff that was new and hot a couple of decades ago, fewer are keeping up with the industry maturation and even fewer are applying the academic learnings to the industry. Here's a short list of a few…

Read this article

Dunning-Kruger Effect and I, the impostor

Dunning-Kruger effect is an illusion of competence bias, presenting itself in two ways: one, the severely incompetent do not recognise their own incompetence, nor do they recognise competence in others, and assume they’re far better than they really are; two, the highly competent assume that others are at a…

Read this article

Security technology cargo cult: buy more boxes (part 2)

In Part 1 we looked at the deterrence quality of security controls. It’s one of the three attributes of security controls that are often ignored; sometimes consciously but more often due to ignorance. Now we will look at another attribute that is too often neglected: awareness. Typically when discussing…

Read this article

Security technology cargo cult: buy more boxes

Fear of reprisal is one of the most potent stimulants for action. It is also one that information security generally ignores. To that end the need to “improve security by buying more technology” is the prevalent course of action for most IT shops in large and small organisations. That this…

Read this article

Wassenaar Arrangement and dual-use computer code

The Wassenaar Arrangement is frequently mentioned in information security (and vulnerability research in particular) since inclusion of computer code as dual-use good. The Agreement does not clearly specify what is and isn't considered a controlled good that should be subject to export controls, making a number of security researchers and…

Read this article

Information security and the observer effect

The initial empirical study of the observer effect (Hawthorne effect), which said that people change their behaviour to the better when observed, has seen equal measures of criticism and support over the years. Whilst a lot of the critiques were typically academic (i.e. no impact on the end effect…

Read this article