If you haven't been following the controversy around Apple and the FBI, maybe all you need to know is that you should probably have an 11 character, random alpha-numeric passcode on your iPhone. This will probably be good enough to protect your iPhone from being cracked open by a brute force attack, no matter what Apple is forced to do for law enforcement.

For the past several years, I've talked about how "fear or compliance" are often the best ways to help justify the need for security. It's not that I'm trying to convince my readers that security investment is needed in their organization by scaring them or threatening them... They know it is needed. The problem is that they have a hard time articulating the need to executives who have limited time to listen, a whole different mentality around risk and a need to watch the bottom line in the short term. Sometimes pointing out the worst case impacts (e.g. fear) or pointing to regulations (e.g. threats of penalties from non-compliance) are needed, but sometimes they aren't effective or appropriate. I recently had a conversation with an executive that gave me this idea, to focus on what I call Due Diligence Risk.

If you're keen to use all the cool new gadgets that are coming on the market, but are wondering how you can protect your network from their inevitable vulnerabilities, I have a suggestion for you: Three Dumb Routers. First, I'll explain, in simple terms, what it takes to set this configuration up, and then I'll try to briefly explain why it is a good approach to protecting your network from the Internet of Things, assuming you really have your heart set on playing with these things, or at least showing them off.

I love using analogies when explaining things to people. If we compare learning some common activity that we all understand, like training people to drive, with […]