

September 18, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Poulin: The Economics of IoT Fear and Uncertainty

Information- (and now device-) security is an underappreciated field. It’s anti-climactic and difficult to justify the cost of building security in, bolting security on and implementing security controls for the operating environment. But it's up to us in the community to become early adopters and work with the manufacturers to make products as secure as possible for the general public. 


December 14, 2016 | Risk Management
By Rich Guida, IANS Faculty

 Developing a Risk Register Using the Socratic Method

One of the most common mistakes we make as infosec professionals is to approach risk assessment as if it’s only relevant to us. Since we are the high priests and priestesses of such risk, we may expect the laypeople to just listen to us tell them what they should be worried about. But that’s simply not how it works. Identification and evaluation of infosec risks must start with the business units, not with us – so we need to seek these people out and initiate dialogue.


November 17, 2016 | Encryption, Digital Signatures, Certificates, Tokenization
By Ken Van Wyk, IANS Faculty

 Van Wyk: Email Privacy Expectations Not Aligned With Current Technology, Practices

No matter whom you voted for on November 8, it seems fair to say that email played a pretty significant role in the election — and not in a good way. We’ve seen private email servers, email accounts hacked and their contents exposed, and so on. Email has garnered a lot of attention this year, which, at least from where I sit, is regrettable.


August 24, 2016 | Enterprise and IT Compliance Management
By Daniel Maloof, IANS Managing Editor

 IANS Faculty Break Down NIST’s Proposed New Password Guidelines

After recently recommending the phasing out of SMS-based two-factor authentication, the National Institute for Standards and Technology (NIST) has now released new guidelines (currently in a public preview period) for password security – and feedback from the infosec community has been all over the map.
