Category: "Security Policies"

About the Security Policies category

  By Hagai Bar-El   , 51 words
Categories: Security Policies

This category contains articles that discuss security policy issues, both at the corporate level and at the national and international levels. This domain consists also of security guidelines and procedures, as well as national policy considerations addressing national security, privacy, and more.

And needless to say, I am not a lawyer…

Pages: 1 3 5

  2013-07-06

The difference between Cyber Security and just Security

  By Hagai Bar-El   , 637 words
Categories: IT Security, Security Policies, Cyber Security, Counter-media

The concept of “Cyber Security” is surely the attention grabber of the year. All security products and services enjoy a boost in their perception of importance, and sales, by merely prepending the word “cyber” to their description. But how is cyber security different than just security?

It differs, but it is not an entirely different domain, at least not from the technology perspective.

Security protects against malicious attacks. Attacks involve an attacker, an attack target, and the attack method, which exploits one or more vulnerabilities in the target. When speaking of cyber attacks, it is common to refer to a nation state attacking another, or to an organization attacking a state. Referring to unorganized individual hackers as executing “cyber attacks", while being a common trend, is a blunt misuse of the “cyber” term in its common meaning. And still, cyber security is not as dramatically different than traditional security.

Read more »

  2012-03-08

Against the collection of private data: The unknown risk factor

  By Hagai Bar-El   , 734 words
Categories: Security Policies, Counter-media

I bet there are thousands of blog posts advocating privacy and explaining why people should resist governments and companies collecting personal data. I dare to write yet another one because I would like to make a couple of points that I have never seen made before. This post will discuss one of these two points: the unknown risk.

Read more »

  2011-02-07

Tips for Submitting Proposals to EU FP7 (now H2020) and Others

  By Hagai Bar-El   , 994 words
Categories: Security Policies

Among the work I do is the evaluation of research proposals for the Framework Program 7 (FP7), and now H2020, of the European Commission. I review research proposals that are submitted in response to calls that are related to information security. Truthfully, this work is among the more interesting of projects I am involved with.

On account of this occupation of mine, for a few years already, I consider myself authoritative to bring up the following tips to whoever intends to submit a research proposal for European, or other, funding.

Read more »

  2011-01-28

Cyber-war Risk Exaggerated?

  By Hagai Bar-El   , 700 words
Categories: Security Policies, Cyber Security, Counter-media

A ZDNet article, Cyber-war risk is exaggerated, says OECD study, points to what seems as a thorough study that concluded with the stated result. I never read this study, but from the article one can point one point in which it is probably right and one point in which it is probably wrong.

Read more »

  2009-07-24

Companies collect data on us --- so what?

  By Hagai Bar-El   , 865 words
Categories: Security Policies, Counter-media

It is very common among security people to take privacy issues seriously. When we hear that a particular service collects personal data on us, we get extremely anxious. We will not use services that collect personal data that are not necessary to render the service. Sometimes we will forgo using a useful service, just because it requires that we feed in personal data, or because we do not like the wording of the privacy policy, of its lack of…

To us, security people, having a company collect personal information on our shopping habits, surfing habits, reading habits, or eating habits, is just wrong. Technologists like Cory Doctorow call to treat personal data like weapons-grade plutonium, because data that is collected never vanishes. Others, like Bruce Schneier, write essays on why the average (that is, non-criminal) citizen should not agree to being watched, although he did nothing wrong. All is true, and having governments collect too much data on individuals is risky. Such data, if available, is likely to be abused at some point in time, a point which is probably closer than it appears.

It is easy to explain why one would not like the government to have too much data on himself. I would like to discuss another type of data: the commercial data that privately held companies such as Amazon, Google (on Google apps users), and Facebook, collect. Why should I care about having my personal data on-line?

Read more »

  2009-04-04

On the Purpose of Security Standards

  By Hagai Bar-El   , 960 words
Categories: Security Policies, Counter-media

An interesting article was published in Information Security Resources, titled: “Payment Card Industry Swallows Its Own Tail”.

The author seems to claim that PCI DSS may not survive for long, because the various stakeholders are too busy blaming each other for security breaches instead of trying to make the ecosystem more secure. Also, organizations that are PCI DSS compliant still suffer from security breaches, what seems to indicate that the standard is ineffective.

There are two questions that need to be asked:

Read more »

  2008-10-26

Twitter Terrorists -- Come On...

  By Hagai Bar-El   , 184 words
Categories: Security Policies

I could not miss this one in Wired.com.

Then the presentation launches into an even-more theoretical discussion of how militants might pair some of these mobile applications with Twitter, to magnify their impact. After all, “Twitter was recently used as a countersurveillance, command and control, and movement tool by activists at the Republican National Convention,” the report notes. “The activists would Tweet each other and their Twitter pages to add information on what was happening with Law Enforcement near real time.”

It seems as people are making an effort to ring the bell on just about anything. Twitter? Twitter is merely an application that facilitates instant messaging, like tons of others. Whatever can be done with Twitter can also be done with IRC, Web chat rooms, shout boxes (those little frames on websites that display whatever is written by guests to the website), and what not.

Yes, someone evil can use Twitter to pass messages to other evil people in the field, but the ability to pass instant messages along is a “problem” of ubiquitous network technologies, not of this or that particular product.

1 3 5


Form is loading...

  XML Feeds

Search

License

All contents are licensed under the Creative Commons Attribution license.