Stories by Bruce Schneier

Security ROI: Fact, fiction or fabrication?

Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable.

Selling security not always easy

There are two basic ways to sell something. Either a product gives the buyer something he or she wants — satisfaction, comfort or money — or it stops that person being subject to something he or she doesn't want: assault, fraud, burglary or a terrorist attack.

'Security in the cloud' is not the way to go

One of the basic philosophies of security is defense in depth: overlapping systems designed to provide security even if one of them fails. An example is a firewall coupled with an intrusion-detection system (IDS). Defense in depth provides security because there's no single point of failure and no assumed single vector for attacks.

The Witty worm -- a new chapter in malware

If press coverage is any guide, then the Witty worm wasn't all that successful. Blaster, SQL Slammer, Nimda, even Sasser made bigger headlines. Witty infected only about 12,000 machines, almost none of them home users. It didn't seem like a big deal. But Witty was a big deal. It represented some scary malware firsts and is likely a harbinger of worms to come. IT professionals need to understand Witty and what it did.