The Six Types of Cyber-Risks

My textbook lists categories of cyber-attacks that focus on an attack's lasting impact: how does it affect the target's assets and resources? Since the categories really reflect the attack's impact on the target, they really represent risks. Here are the categories I use right now: Denial of service, Pillage, Subversion, Masquerade, Forgery, and Disclosure. This is a...

Example of KISS

Ok, this is a backwards observation. One of my hot buttons is to spot "cyber security principles," that is, general but pointed observations on how to improve cyber security. A long-held principle is "Keep it Simple, Stupid." Thanks to Moore's Law and the constantly falling price of ever bigger, faster, and more complex tech, no...

Security Design Principles

This is an extended, less-edited version of an article appearing in IEEE Security and Privacy in December 2012. This version specifically identifies all of the textbooks I reviewed while looking at information security design principles. Here is the citation for the published article: Smith, R.E., "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," Security &...

GUIs: Control, Conveyance, Continuity, and Context

I'm a sucker for basic principles distilled into pithy prescriptions. A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned though shrill critique of Windows 8. I've just checked a few of my favorite usability...