Month: January 2015

Incorporating security into development processes

Post author By Andrew Cormack
Post date 29 January 2015
No Comments on Incorporating security into development processes

Tilmann Haak’s presentation at this week’s TF-CSIRT/FIRST meeting was on incorporating security requirements into software development processes using agile methods, but his key points seem relevant to any style of software or system development: Make sure security features are treated as first-class user requirement, of equal status with the functional requirements provided by others. We’ve […]

Tags #TFCSIRT, CyberSecurity, Vulnerabilities

Presentations

BYOD: What’s the Difference?

Post author By Andrew Cormack
Post date 21 January 2015
No Comments on BYOD: What’s the Difference?

I’ve done a couple of presentations this week, comparing the risks and benefits of Bring Your Own Device (BYOD) with those that research and education organisations already accept in the ways we use organisation-managed mobile devices. As the title of my talk in Dundee asked, “BYOD: What’s the Difference” Nowadays, most of the significant risks […]

Tags BYOD, CyberSecurity

Articles

Guidelines for Using Student Data

Post author By Andrew Cormack
Post date 19 January 2015
No Comments on Guidelines for Using Student Data

During a recent conversation about learning analytics it occurred to me that it might be helpful to analyse how universities use student data in terms of the different justifications provided by UK and European Data Protection Law. Although the ‘big data’ techniques used in learning analytics are sometimes said to be challenging for both law […]

Tags Big Data, Data Protection Regulation, Learning Analytics

Articles

Cybercrime law: many variations!

Post author By Andrew Cormack
Post date 15 January 2015
No Comments on Cybercrime law: many variations!

“Is scanning lawful?” sounds as if it ought to be a straightforward question with a simple answer. However investigating it turns out to be a good illustration of how tricky it is to apply real-world analogies to the Internet, and the very different results that different countries’ legislators (and courts) can come up with when […]

Tags Computer Misuse Act, Vulnerabilities

Articles

The Benefits of Near Misses

Post author By Andrew Cormack
Post date 15 January 2015
No Comments on The Benefits of Near Misses

Recently we had one of our regular reviews of security incidents that have affected the company in the past few months. All three – one social engineering attack, one technical one, and one equipment loss – were minor, in that only limited information or systems were put at risk; all were detected and fixed, to […]

Tags Incident Response, Information Security

Articles

Consent and the Role of the Regulator

Post author By Andrew Cormack
Post date 6 January 2015
No Comments on Consent and the Role of the Regulator

Reading yet another paper on privacy and big data that concluded that processing should be based on the individual’s consent, it occurred to me how much that approach limits the scope and powers of privacy regulators. When using consent to justify processing, pretty much the only question for regulators is whether the consent was fairly […]

Tags Big Data, Data Protection Directive, Data Protection Regulation