
Cyber Safety for Students

“Children present unique security risks when they use a computer—not only do you have to keep them safe, you have to protect the data on your computer. By taking some simple steps, you can dramatically reduce the threats.”


Privacy and Mobile Device Apps

“Mobile apps may gather information from your mobile device for legitimate purposes, but these tools may also put your privacy at risk. Protect your data by being smart with the apps you install and reviewing the permissions each app has.”


Essential Eight Explained

“There are an overwhelming number of cyber security strategies published that tailor to all sorts of infrastructures, market categories and cyber threats. The ACSC has compiled a list of mitigation strategies that organisations can use as starting points to improve …

Workers at the Idaho National Laboratory’s Critical Infrastructure Test Range. (Flickr/Idaho National Laboratory, CC BY 2.0)

The Myth of Consumer-Grade Security

Schneier on Security, August 28, 2019
By Bruce Schneier

“The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.”


Permanent Record

By Edward Snowden
Published by Metropolitan Books, September 17, 2019

“Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.”


Before You Use a Password Manager

Medium, June 5, 2019
By Stuart Schechter

“I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.”


The Internet Has Made Dupes—and Cynics—of Us All

Wired, June 24, 2019
By Zeynep Tufekci

“Online fakery runs wide and deep, but you don’t need me to tell you that. New species of digital fraud and deception come to light almost every week, if not every day: Russian bots that pretend to be American humans. American bots that pretend to be human trolls. Even humans that pretend to be bots. Yep, some “intelligent assistants,” promoted as advanced conversational AIs, have turned out to be little more than digital puppets operated by poorly paid people.”


National CyberSecurity Awareness Month – October 2019

National Cyber Security Alliance

“Under the overarching theme of ‘Own IT. Secure IT. Protect IT.’, the 16th annual National Cybersecurity Awareness Month (NCSAM) is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. It is also focused on drawing attention to careers in cybersecurity.”


Fully Device Independent Quantum Key Distribution

Communications of the ACM, April 2019
Research Highlights: “Technical Perspective: Was Edgar Allan Poe Wrong After All?”
By Gilles Brassard

Research Highlights: “Fully Device Independent Quantum Key Distribution”
By Umesh Vazirani, Thomas Vidick

“Artur Ekert realized as early as 1991 that a different kind of quantum cryptography was possible by harnessing entanglement, which is arguably the most nonclassical manifestation of quantum theory. Even though Ekert’s original protocol did not offer any security above and beyond my earlier invention with Bennett, he had planted the seed for a revolution. It was realized by several researchers in the mid-2000s that entanglement-based protocols could lead to unconditional security even if they are imperfectly implemented—even if the QKD apparatus is built by the eavesdropper, some argued. For a decade, these purely theoretical ideas remained elusive and seemed to require unreasonable hardware, such as an apparatus the size of the galaxy! Vazirani and Vidick’s paper provides an unexpectedly simple and elegant solution, indeed one that is almost within reach of current technology. Once it becomes reality, codemakers will have won the definitive battle, Poe’s prophecy notwithstanding.”


Cyber Security in the Quantum Era

Communications of the ACM, April 2019
By Petros Wallden, Elham Kashefi

“The ability to communicate securely and compute efficiently is more important than ever to society. The Internet and increasingly the Internet of Things, has had a revolutionary impact on our world. Over the next 5-10 years, we will see a flux of new possibilities, as quantum technologies become part of this mainstream computing and communicating landscape. Future networks will certainly consist of both classical and quantum devices and links, some of which are expected to be dishonest, with functionalities of various sophistication, ranging from simple routers to servers executing universal quantum algorithms. The realization of such a complex network of classical and quantum communication must rely on a solid novel foundation that, nevertheless, is able to foresee and handle the intricacies of real-life implementations and novel applications.”


DoD Cyber Strategy – 2018

Cyber Strategy: Summary, 2018
U.S. Department of Defense

“American prosperity, liberty, and security depend upon open and reliable access to information.  The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services.  Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”


Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed.

“The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here’s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.”


An Interview with William Hugh Murray – A discussion of the rapidly evolving realm of practical cyber security

Communications of the ACM, March 2019
By Peter J. Denning

“What has changed over those years is not the need for security, but the risks and costs of insecurity. It should be clear to a casual reader of the news, let alone those with access to intelligence sources, that what we are doing is not working. It is both costly and dangerous… Most of the resistance to using these practices comes from loss of convenience. Good security is not convenient. But it is absolutely necessary for the security of our assets and the reliability of the many critical systems on which we all depend.”


The Market for Stolen Account Credentials

Krebs on Security, December 18, 2017
By Brian Krebs

“Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.”


The Value of a Hacked Email Account

Krebs on Security, July 10, 2013
By Brian Krebs

“This post aims to raise awareness about the street value of a hacked email account, as well as all of the people, personal data, and resources that are put at risk when users neglect to properly safeguard their inboxes.”


The Value of a Hacked Company

Krebs on Security, July 14, 2016
By Brian Krebs

“If you help run an organization, consider whether the leadership is investing enough to secure everything that’s riding on top of all that technology powering your mission: Chances are there’s a great deal more at stake than you realize.”
