Posts relating to keeping computers and networks secure against (mostly) attacks over networks. If you want to know about how to respond when such attacks succeed, or nearly so, try “Incident Response”
The UCISA Networking Group’s conference BYOD: Responding to the Challenge looked at new developments in an area that has actually been an important part of Higher Education for at least fifteen years. Student residences have offered network sockets since the 1990s and staff have been using family PCs for out of hours work for at […]
The Information Commissioner has published helpful new guidance on how organisations can support the use of personally-owned devices for work, commonly known as Bring Your Own Device (BYOD). This appears to have been prompted by a survey suggesting that nearly half of employees use their own devices for work, but more than two thirds of […]
The European Commission’s Cyber Security Strategy aims to ensure that Europe benefits from a “robust and innovative Internet”. The Strategy has five priorities: Achieving cyber resilience Drastically reducing cybercrime Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP) Develop the industrial and technological resources for cybersecurity Establish a coherent international […]
ENISA have published a useful set of controls and best practices for managing the risks in a Bring Your Own Device (BYOD) program. They identify three groups of controls Governance Legal, Regulatory and HR Technical (Device, Application, User and Data) Throughout, the focus is on the owners, not the devices, which seems right. If the […]
An interesting presentation by Giles Hogben of ENISA at TERENA’s CSIRT Task Force meeting in Heraklion last week, looking at security issues when moving to the public cloud computing model.There have been several papers on technical issues such as possible leakage of information between different virtual machines running on the same physical hardware (for example […]
[This is the approximate text of an internal company talk, which I’ve been asked to make more widely available] One of the odd things about how people talk about the Internet is that you’ll hear it described both as “the Wild West” where there are no rules and unlawful behaviour is rife and as a […]
The US Government’s CIO Council has published an excellent toolkit to help organisations develop appropriate policies for employees to use their own laptops and smartphones for work (known as Bring Your Own Device or BYOD). The toolkit identifies three different technical approaches to controlling the security of the organisation’s information: Use virtualisation so that the […]
An interesting talk by Ken van Wyk on threats to mobile devices at the FIRST/TF-CSIRT meeting last week. While it’s tempting to treat smartphones just as small-screen laptops (let’s face it, users do!) there are significant differences in the threats to which the two types of devices are exposed. These need to be recognised in […]
This is UKERNA’s submission to the House of Lords Select Committee on Science and Technology Sub-Committee investigation into Personal Internet Safety. UKERNA is the non-profit company limited by guarantee that operates the JANET computer network connecting UK colleges, universities and research council establishments to each other and to the Internet and inter-connecting regional schools networks. […]