We're all familiar with the saying, "Never judge a book by its cover," and this holds up in information security as well as anyplace. ...

When reporting on patch levels for use in metrics as part of risk management there are two areas that are commonly dismissed which are...

There are three considerations for valuation of a security program: Security effectiveness: Is it doing its job? That is, how effective...