This is actually a link dump for the past two weeks. Last week completely got away from me.
All the cool kids were bashing passwords the past two weeks [22-23]. I agree that passwords are not the ideal authentication tool. However, it seems that history has shown that passwords strike the right balance between security and usability. Some of you might say that is a sad commentary on the advancement of security technology. I’d counter by saying that the password’s persistence speaks volumes of the risk tolerance our businesses are comfortable with. It also speaks volumes about where the masses prefer the balance between security and usability. As security pros we all want to get it perfect. We need to make peace with the fact that good enough is sometimes all we need. Send counterpoints to the Comments.
Now let me talk out of the other side of my mouth. Passwords are important, especially in the realm of mobile devices. When the bad guys have physical control of the device, many times that password is the only thing between them and the data. The Certified Secure guys were able to crack the iPhone to get address book, photos, videos, and web history but still weren’t able to get the other data stored on the device. Had Certified Secure obtained the password somehow, they would have had the keys to the kingdom. Password security is the long pole in the mobile device security tent. Here’s hoping the user doesn’t leave a bunch of greasy fingerprints on the screen showing the attacker which keys to push. (Ed. Note: Please notice I said “password” and not “PIN”. While passwords might be good enough, I don’t think PINs are.)
Finally, there were some interesting risk assessment and management articles in this batch. NIST has issued its guide for conducting risk assessments. I’ve not yet read it so I will not issue any opinion. Still, if you’re in the government sector I’d start getting used to it. Jay Jacobs and Jeff Lowder have some insightful comments on creating a risk management organization. Wrapping things up, take a look at the article on Cyber Liability Insurance. Risk Transference has been a control we’ve been unable to take full advantage of in the security space. Cyber Liability insurance is giving us some new options. While it isn’t right for all situations, it could be right for some. You’ll have to do your homework to find the answer for your organization.