Interesting research: “Identifying Unintended Harms of Cybersecurity Countermeasures“: Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behaviour, user inclusion, or the … Read More “The Unintended Harms of Cybersecurity” »
Category: risks
Auto Added by WPeMatico
I fly a lot. Over the past five years, my average speed has been 32 miles an hour. That all changed mid-March. It’s been 105 days since I’ve been on an airplane — longer than any other time in my adult life — and I have no future flights scheduled. This is all a prelude … Read More “COVID-19 Risks of Flying” »
Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof’s “market for lemons”) or a marketing trick. The conclusion: Warranties must transfer non-negligible amounts of liability to vendors in order to meaningfully overcome the market for lemons. Our preliminary analysis suggests the majority of cyber warranties cover … Read More “On Cyber Warranties” »
Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I’ve written about this before. One quote of mine: “The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in … Read More “Andy Ellis on Risk Assessment” »
Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the … Read More “NSA on the Future of National Cybersecurity” »
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. … Read More “On Cybersecurity Insurance” »
Stuart Schechter writes about the security risks of using a password manager. It’s a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords … Read More “Risks of Password Managers” »
Really interesting first-hand experience from Maciej Cegłowski. Powered by WPeMatico
Good essay on the security risks — to democratic discourse — of chatbots. Powered by WPeMatico
The international digital human rights organization Access Now (I am on the board) is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead of make a difference in the world. If that’s you, please consider applying. … Read More “Access Now Is Looking for a Chief Security Officer” »