Is an inability to define security the main cause of the cybersecurity skills gap? If we can't truly define what security is, how can organizations design the right cybersecurity jobs for their needs?…
Information Security
In the last two years, more than 200 papers have been written on how Machine Learning (ML) can fail because of adversarial attacks on the algorithms and data; this number balloons if we were to incorporate non-adversarial failure modes. The spate of papers has made it difficult for ML practitioners, let alone engineers, lawyers and policymakers, to keep up with the attacks against and defenses of ML systems. However, as these systems become more pervasive, the need to understand how…
Why Are Cryptographers Being Denied Entry into the US? - Schneier on Security (Schneier on Security) In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. (You can listen to his recorded acceptance speech.) I've heard of two other prominent cryptographers who are in the same boat. Is there…
NIST Proposes Privacy Framework to Help Make Sense of Global Privacy Regulations
Posted on 13th May 2019: NIST Proposes Privacy Framework to Help Make Sense of Global Privacy Regulations by Stephanie Hazlewood (Security Intelligence). In October 2018, NIST, collaborating with public and private stakeholders, started drafting its privacy framework. The framework is intended to serve as a guide for chief information security officers (CISOs), chief privacy officers (CPOs) and other internal privacy stakeholders and is geared toward helping them improve their organizational privacy posture. Like the NIST Cybersecurity Framework introduced in 2014, organizations that choose to comply…
How 3ve’s BGP hijackers eluded the Internet—and made $29M by DAN GOODIN. Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a thousand servers hosted inside data centers to impersonate real human beings who purportedly "viewed" ads that were hosted on bogus pages run by the scammers themselves -- who then received a check from ad networks for these…