When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems (download PDF) of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.
Stories by Jon Espenschied
Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.
The best phishing e-mail I've seen recently purported to come from none other than the head of the FBI. "Robert Mueller" was offering to ensure the safety of a money transfer from a confidential third party, if only the recipient would provide her or his bank information in an official-looking form.