What business can learn from the Equifax data breach
Security professionals need a systematic analysis process to make sure they aren’t the next Equifax when customer data is compromised.
Ira Winkler | 12 Sep | Read more
Stories by Ira Winkler
How safe are your passwords? Real life rules for businesses to live by
While people applaud easier password guidance from NIST, easier is not better. Here’s what you need to consider when creating a company password policy.
Ira Winkler | 30 Aug | Read more
4 tips to make use of Wannacry in awareness programs
When security events make news, you can take advantage of the wake-up call — if you know what to do.
Ira Winkler | 12 Jul | Read more
8 ways millennials impact your security awareness program
The millennial generation has arrived. Is your awareness program up to the challenge?
Ira Winkler | 27 Jun | Read more
7 elements of a successful security awareness program
Action items for CSOs looking to bolster their security awareness programs.
Ira Winkler | 22 Jun | Read more
Hack Back law would create cyber vigilantes
The Active Cyber Defense Certainty Act revision demonstrates what happens when you rely upon limited information and a cowboy mentality.
Ira Winkler | 05 Jun | Read more
What security practitioners can learn from the United’s failures
The United airlines debacle was a complete failure of process, and many security programs suffer the same fate.
Ira Winkler | 19 Apr | Read more
What prevents breaches: process, technology or people? One answer is PC, and one is right.
Many experts say that people are more important than process in the IT security world. That is politically correct, as opposed to actually correct.
Ira Winkler | 12 Apr | Read more
If you think ransomware is a user failure, you’re a failure
It is easy to blame users for causing ransomware infections of their own systems. However, the reality is that for the user to infect their system, there are many technical failures, which are due to the IT staff’s actions or lack there of.
Ira Winkler | 28 Mar | Read more
Parting advice from Howard Schmidt
Security expert Ira Winkler reflects on the late-Howard Schmidt.
Ira Winkler | 07 Mar | Read more
Why awareness needs to teach scam detection and reaction
Most awareness programs teach users how to behave. Ira Winkler argues training needs to go further so people know what to do if they do fall victim to fraud.
Ira Winkler | 03 Mar | Read more
At Dulles, a security awareness success story
The detention of Norway’s former prime minister, when stripped of politics, was an example of proper security awareness.
Ira Winkler | 08 Feb | Read more
The flaw in applying culture to awareness programs
I appreciate that organizations are beginning to realize that they need to understand their corporate culture in their implementation of awareness programs. It is long overdue. Unfortunately as a concept, it is being grossly misapplied. In short, you don’t want to adhere to culture, you want to improve culture.
Ira Winkler | 07 Feb | Read more
Making the GRIZZLY STEPPE Joint Action Report useful
I was surprised when I saw the cynicism to the Joint Action Report (JAR) put out by the Department of Homeland Security and FBI. It seems like it is cool to criticize the report, and that can be a disservice to the whole industry.
Ira Winkler | 10 Jan | Read more
Security pros are their own worst enemy
Just when the world seems ready to listen to us, we give it a display of epic bickering.
Ira Winkler | 06 Jan | Read more