Showing posts with label Security. Show all posts

Friday, 15 November 2019

The cost of cyber security isn't just the purchase price

I know we often hear it said in the general security community that security is seen as a cost to the business and that’s why it can be hard to get funding.

Brian Krebs has blogged on research examining what happens at US hospitals after a data breach or ransomware attack.
Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits.

As PBS noted in its coverage of the Vanderbilt study, after data breaches as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined.
The researchers found that for care centers that experienced a breach, it took an additional 2.7 minutes for suspected heart attack patients to receive an electrocardiogram.
“Breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes,” the authors found. “Remediation activity may introduce changes that delay, complicate or disrupt health IT and patient care processes.”

The cost of a control isn’t just its purchase price; it can also include lost productivity. In many cases an organisation accepts that cost because of the benefits the control brings. But we do need to be cognisant that there may be hidden costs to an organisation when implementing a new control. Is there really a benefit in disrupting our users for some marginal security gain?

Tuesday, 6 February 2018

Belfer Center releases playbook on cybersecurity for election campaigns

The Belfer Center has released The Cybersecurity Campaign Playbook, a bipartisan guide for political campaigns on improving their cybersecurity.
The information assembled here is for any campaign in any party. It was designed to give you simple, actionable information that will make your campaign’s information more secure from adversaries trying to attack your organization - and our democracy.

Sunday, 1 January 2017

Password strength - the don't care region

Mark Stockley advises us to Stop wasting time making the wrong passwords stronger.
Most of the effort spent on making passwords stronger is wasted, according to a trio of researchers from Microsoft in the USA and Carleton University in Ottawa, Canada.

The researchers, Dinei Florêncio, Cormac Herley and Paul C. van Oorschot, said in a recent paper that there are two vast “don’t care” regions where energy spent on strengthening passwords is simply wasted.
...
The first “don’t care” region is an online-offline chasm. The chasm represents the gap between the number of guesses a password might have to withstand in an online attack and how many it might face in an offline attack (you can read more about it in my article Do we really need strong passwords?).
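To make the online-offline chasm concrete, here is a small added example (my own illustration, not code from Stockley's article or from the Florêncio, Herley and van Oorschot paper). It treats a password policy as a search space, expresses that space in bits, and asks which guess budget it survives. The two budgets are constructed assumptions for the sake of the example: an online attacker who is throttled or locked out after roughly a million guesses, and an offline attacker with a stolen hash database who can try on the order of 10^14 guesses. A policy change only buys anything if it moves a password across one of those two boundaries; inside the chasm, making passwords longer is effort the model says is wasted.

```python
import math

# Constructed guess budgets (assumptions for illustration, not figures from the paper).
# Online: lockout/rate limiting caps the attacker at roughly 10^6 attempts.
# Offline: a stolen hash database lets the attacker run ~10^14 attempts.
ONLINE_GUESSES = 10 ** 6
OFFLINE_GUESSES = 10 ** 14


def password_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of candidates an attacker must search for a
    uniformly random password drawn from `alphabet_size` symbols."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def classify_strength(bits: float,
                      online: int = ONLINE_GUESSES,
                      offline: int = OFFLINE_GUESSES) -> str:
    """Place a password space into one of three regions:
    - 'vulnerable-online': an online guesser can exhaust the space;
    - 'dont-care-chasm': safe against online guessing but not against an
      offline attack, so extra strength here changes nothing;
    - 'offline-resistant': beyond the assumed offline budget as well."""
    online_bits = math.log2(online)
    offline_bits = math.log2(offline)
    if bits < online_bits:
        return "vulnerable-online"
    if bits < offline_bits:
        return "dont-care-chasm"
    return "offline-resistant"


def strengthening_helps(bits_before: float, bits_after: float) -> bool:
    """True only if a policy change crosses one of the two boundaries.
    Growth that stays inside the same region is the 'wasted' effort."""
    return classify_strength(bits_before) != classify_strength(bits_after)


def compare_policies(policies: dict) -> dict:
    """Map each named policy (alphabet_size, length) to its bits and region."""
    report = {}
    for name, (alphabet_size, length) in policies.items():
        bits = password_space_bits(alphabet_size, length)
        report[name] = (round(bits, 1), classify_strength(bits))
    return report


if __name__ == "__main__":
    # Constructed sample policies: (alphabet size, required length).
    sample = {
        "4-digit PIN": (10, 4),
        "6 lowercase": (26, 6),
        "8 lowercase": (26, 8),
        "12 alphanumeric": (62, 12),
    }
    for name, (bits, region) in compare_policies(sample).items():
        print(f"{name:16s} {bits:6.1f} bits  {region}")
    # Going from 6 to 8 lowercase characters stays inside the chasm.
    print("6->8 lowercase helps:",
          strengthening_helps(password_space_bits(26, 6),
                              password_space_bits(26, 8)))
```

The thresholds are the whole argument: change `ONLINE_GUESSES` or `OFFLINE_GUESSES` to match what your own lockout policy and hash function actually allow, and the classification tells you whether a proposed length or complexity rule moves users anywhere that matters.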

Wednesday, 28 September 2016

NIST's new draft password rules

Chester Wisniewski at Sophos discusses NIST's new draft policy in NIST’s new password rules – what you need to know.

Jim Fenton, a security researcher, has a slide show discussing the changes in Toward Better Password Requirements.

Monday, 17 November 2014

Berlin, the city of "surveillance refuseniks"

In Berlin’s digital exiles: where tech activists go to escape the NSA, Carole Cadwalladr documents how Berlin is becoming the city of choice for many people concerned about government surveillance.

Wednesday, 30 July 2014

Gladwell on Macintyre on Philby and the problem of trust

In Trust No One Malcolm Gladwell looks at Ben Macintyre’s book A Spy Among Friends: Kim Philby and the Great Betrayal:
“A Spy Among Friends: Kim Philby and the Great Betrayal” (Crown) is the latest in Ben Macintyre’s series on twentieth-century espionage (including the best-selling “Operation Mincemeat”). All are superb, and “A Spy Among Friends” is no exception. Macintyre gives the familiar story of Philby new life, putting the case in its full social context.
I found it especially interesting because in the middle of the article Gladwell talks about the damage caused by two very different security models: the high-trust model and the trust-no-one model. The former is prone to false negative errors (traitors like Philby), the latter to false positives (Wright erroneously accusing a prime minister of treason). But which is worse? In the former case secrets are lost and lives destroyed (literally in the Philby case, when betrayed agents were executed by the Soviets). In the second, organisations may become unworkable, with nothing being achieved. As the article asks:
What did more damage—Philby’s treachery or the subsequent obsession among spy officials with preventing future Philbys?

It did make me wonder if a country might be better off having no intelligence service at all.