Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses. According to a study by Centify, 77% of…
Measuring the Security of IoT Devices
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range…
Resources for Measuring Cybersecurity
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.Read more: schneier.com
Former FBI General Counsel Jim Baker Chooses Encryption…
In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat,…
NSA on the Future of National Cybersecurity
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key…
NotPetya
Wired has a long article on NotPetya. Read more: schneier.com
On Cybersecurity Insurance
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the…
France Outlines Its Approach to Cyberwar
In a document published earlier this month (in French), France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means, and it's worth reading. Read more: schneier.com
Exploiting GDPR to Get Private Information
A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in…