Download as PDF
Blog Article
I've been reading a fascinating paper by Julia Slupska – "War, Health and Ecosystem: Generative Metaphors in Cybersecurity Governance" – that looks at how the metaphors we choose for Internet (in)security limit the kinds of solutions we are likely to come up with.
Blog Article
Blog Article
The latest text in the long-running saga of the draft ePrivacy Regulation contains further reassuring indicators for incident response teams that want to share data to help others.
Blog Article
In a world where data storage is almost unlimited and algorithms promise to interrogate data to answer any question, it's tempting for security teams to simply follow a "log everything, for ever" approach. At this week's CSIRT Task Force in Malaga, Xavier Mertens suggested that traditional approaches are still preferable.
Blog Article
A few weeks ago I gave a presentation to an audience of university accommodation managers (thanks to Kinetic for the invitation), where I suggested that we should view Data Protection as an opportunity, rather than a challenge.
Blog Article
Last week I was invited to be a member of a panel at the UN Internet Governance Forum on how law can help security and incident response and, in particular, information sharing. It seems there are still concerns in some places that privacy law is getting in the way of these essential functions.
Blog Article
Apparently Miranda Mowbray had been wanting to do a talk on "Things that Go Bump in the Night" for some time, and it made an excellent closing keynote for the 2019 FIRST conference in Edinburgh (recording now available on YouTube).
Blog Article
An interesting talk from Rockwell at this year's FIRST conference looked at how to organise incident response in environments containing network-connected hardware devices. Though Rockwell's focus is on industrial machinery, the same ideas should apply to smart buildings and other places where a security incident can cause physical, not just digital, harm. This is not the only difference: connected hardware devices tend to be much more diverse than PCs, and they are expected to have much longer lifetimes.
Blog Article
In data protection circles, the phrase "Safe Harbour" doesn't have a great reputation. Wikipedia describes those as setting hard boundaries around an area where "a vaguer, overall standard" applies. Famously, in 2015, the European Court of Justice struck down the data protection Safe Harbor arrangement negotiated between the European Commission and the US Government.
Blog Article
Incident response teams often share information when investigating incidents. Some patterns may only become apparent when data from different networks are compared; other teams may have skills – such as analysing malware – to understand data in ways we cannot. Since much of this information includes IP or email addresses - information classed as Personal under data protection law - concerns have arisen that attackers might be able to use the law to frustrate this sharing.
Prev | Next