Category: risks

Auto Added by WPeMatico

The Unintended Harms of Cybersecurity

Posted on By infossl
academicpapers, cyberattack, cybercrime, cybersecurity, riskassessment, risks, Security technology

Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »

On Cyber Warranties

Posted on By infossl
cyberattack, economicsofsecurity, insurance, risks, Security technology

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof’s “market for lemons”) or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover … Read More “On Cyber Warranties” »

Andy Ellis on Risk Assessment

Posted on By infossl
psychologyofsecurity, riskassessment, risks, Security technology

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I’ve written about this before. One quote of mine: “The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in … Read More “Andy Ellis on Risk Assessment” »

NSA on the Future of National Cybersecurity

Posted on By infossl
cybersecurity, nationalsecuritypolicy, nsa, risks, Security technology

Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the … Read More “NSA on the Future of National Cybersecurity” »

On Cybersecurity Insurance

Posted on By infossl
academicpapers, cybersecurity, insurance, riskassessment, risks, Security technology

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. … Read More “On Cybersecurity Insurance” »

Risks of Password Managers

Posted on By infossl
passwords, passwordsafe, riskassessment, risks, Security technology

Stuart Schechter writes about the security risks of using a password manager. It’s a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords … Read More “Risks of Password Managers” »

Access Now Is Looking for a Chief Security Officer

Posted on By infossl
privacy, risks, Security technology, securitypolicies

The international digital human rights organization Access Now (I am on the board) is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead of make a difference in the world. If that’s you, please consider applying. … Read More “Access Now Is Looking for a Chief Security Officer” »