At last week’s TF-CSIRT meeting, Gavin Reid from Cisco suggested that we may have been over-optimistic about how much technology can do to detect and prevent incidents. Automated incident prevention systems can be effective at detecting and preventing automated attacks but are less effective against targeted attacks that use human intelligence rather than brute force. […]
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Categories
Reporting Information Security Breaches
An interesting, though depressing, figure from Verizon’s 2012 Data Breach Investigations Report is that 92% of information security breaches were discovered and reported by a third party. Not by the organisation that suffered the breach, nor by its customers who are likely to be the victims of any loss of personal data, but by someone […]
Categories
Misconfiguration may be harmful
Darknets are well known as a place to look for Internet threats, but a presentation by RESTENA and CIRCL at this week’s TF-CSIRT meeting suggested they may also show up other kinds of problems. Darknets are parts of the IP address space that are routed but not used, so there should be no legitimate packets […]
Categories
ENISA Guide to Risk Mitigation for BYOD
ENISA have published a useful set of controls and best practices for managing the risks in a Bring Your Own Device (BYOD) program. They identify three groups of controls Governance Legal, Regulatory and HR Technical (Device, Application, User and Data) Throughout, the focus is on the owners, not the devices, which seems right. If the […]
Categories
ICC Cookie Guide updates
The International Chamber of Commerce has published a revised version of its Cookie Guide, reflecting the new information that has been produced by the Information Commissioner and Article 29 Working Party since the original version last April. There are relatively few changes to the existing text, in particular the four ICC categories of cookie remain […]
The e-Privacy Directive’s provisions on cookies exempt two classes of cookies from the requirement to gain consent (though if they relate to individual users, websites still need to inform users about them, under data protection law): CRITERION A: the cookie is used “for the sole purpose of carrying out the transmission of a communication over […]
Following criticism of a number of recent arrests and prosecutions relating to postings on social media sites, the Director of Public Prosecutions has published new draft guidelines. These confirm that postings that break criminal laws on threats, harassment and breaching court orders should generally be “prosecuted robustly” under the specific legislation for those crimes. When […]
The Joint Committee on Human Rights has published its conclusions on the Defamation Bill. Among other changes the Bill intends to clarify the position of websites that accept posts from third parties and make it less likely that lawful posts will be removed because of fear of liability. The Committee are “glad to see steps […]
The Joint Committee on the Draft Communications Bill has published its report, concluding that while there is “a case for legislation which will provide the law enforcement agencies with some further access to communications data” the current proposal needs “substantial re-writing”. The Committee address three of the four concerns raised in our Janet evidence. They […]
The Law Commission have published an interesting consultation paper on how the law of contempt of court is affected by the internet. Anything that “tends to interfere with the course of justice” may be considered contempt: the Contempt of Court Act 1981 deals in particular with communications addressed to the public at large or a […]