Every cybersecurity professional knows - and almost certainly owns - this book. Ross Anderson published the first edition back around 2001. He's starting a third edition and is using an on-line collaborative model for developing revisions. He has already posted drafts of a few revised chapters. Ross recently pointed out a disappointing result from Edward... Continue Reading →
My textbook lists categories of cyber-attacks that focus on an attack's lasting impact: how does it affect the target's assets and resources? Since the categories really reflect the attack's impact on the target, they really represent risks. Here are the categories I use right now: Denial of service - Pillage - Subversion Masquerade - Forgery - Disclosure This is a... Continue Reading →
The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes. Perry Metzger, commentary on the Cryptography mailing list last Friday Let me say it differently: We put everyone in... Continue Reading →
Ok, this is a backwards observation. One of my hot buttons is to spot "cyber security principles," that is, general but pointed observations on how to improve cyber security. A long-held principle is "Keep it Simple, Stupid." Thanks to Moore's Law and the constantly falling price of ever bigger, faster, and more complex tech, no... Continue Reading →
This is an extended, less-edited version of an article appearing in IEEE Security and Privacy in December 2012. This version specifically identifies all of the textbooks I reviewed while looking at information security design principles. Here is the citation for the published article: Smith, R.E.; , "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," Security &... Continue Reading →
I'm a sucker for basic principles distilled into pithy prescriptions. A freelance writer, Brian Boyko, has distilled the basic features of graphical user interfaces (GUIs) into four principles: Control, Conveyance, Continuity, and Context. He uses them to structure a well-reasoned though shrill critique of Windows 8. I've just checked a few of my favorite usability... Continue Reading →
