Publication: Economic valuation for information security investment: a systematic literature review

Looks like Information Systems Frontiers – A Journal of Research and Innovation published one of my papers. This one is taking a systematic look at literature related to measuring value of Information Security in organisations. Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same […]

Security Awareness training vs. Media hype

Security awareness training is an interesting topic; the importance to educate your security challenged employees or family members is generally undisputed but yet there are intense debates whether security awareness training makes any difference and/or is worth the effort put behind it. And it is somewhat discouraging if even industry bigwigs like Schneier and Ranum […]