Month: September 2015

Security Drift: A Visual Metaphor for Why Things Fail…

Here’s a short(ish) video of the “security drift” concept I describe in People-Centric Security. Inspired by the research of Sidney Dekker, I find it works best in motion (I usually draw it on the back of a business card…) and illustrates the risks that can emerge when security competes with other cultural and behavioral priorities.

Apologies in advance for quality issues. This ain’t exactly Khan Academy…

Will Culture be Security’s Next Compliance Challenge?


It is safe to say that compliance is a major reason that organizations worry about security today. Despite fears of hackers and cyberespionage dominating the news, despite appeals and guidance encouraging enterprises to shift their focus from audits and control checklists to threats and risks, there is plenty of evidence, from healthcare to finance, that complying with laws, regulations, and industry standards remains the biggest driver of security program strategies and budgets.