Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Translating Research for Action: Ideas and Examples for Informing Digital Policy

“The Berkman Klein Center for Internet & Society is pleased to release this series of papers, which aims to build a bridge between academic research and policymaking in the networked world by helping to identify opportunities in key areas related to digital technology and innovation. The series builds on the Center’s commitment to exploring new ways to communicate, educate, and inform in the public interest and are informed by conversations and collaborations with diverse stakeholders in each area. “Networked Policy Making Avenues” takes a process perspective and outlines different channels and methods available for academics to inform policymaking. The additional papers presented in the form of short, synthesizing research briefings have a substantive orientation and serve as examples in action. Focusing on critical topics such as how privacy intersects with issues related to students, open data, and cybersecurity, these briefings experiment with formats that may be more useful and accessible to decision makers than traditional research papers. Each can be viewed as a resource that stands on its own, and we hope each will provide a navigation aid vis-a-vis some of today’s controversially debated topics in digital policymaking.” September 26, 2016.

Baldrige Cybersecurity Excellence Builder

Baldrige Cybersecurity Excellence Builder. Key questions for improving your organization’s cybersecurity performance. Draft September 2016, National Institute of Standards and Technology. “The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations identify opportunities for improvement based…

Paper – Examining the costs and causes of cyber incidents

Examining the costs and causes of cyber incidents, Sasha Romanosky, Journal of Cybersecurity, DOI: http://dx.doi.org/10.1093/cybsec/tyw001. First published online: 25 August 2016. “In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST)…

Federal Information Security: Actions Needed to Address Challenges

Federal Information Security: Actions Needed to Address Challenges, GAO-16-885T: Published: Sep 19, 2016. Publicly Released: Sep 20, 2016. “Cyber incidents affecting federal agencies have continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015. Several laws and policies establish a framework for the federal government’s information security and assign implementation…

Agency chief info officers – roles and challenges reviewed by GAO

Federal Chief Information Security Officers: Opportunities Exist to Improve Roles and Address Challenges to Authority, GAO-16-686: Published: Aug 26, 2016. Publicly Released: Sep 15, 2016. “Under the Federal Information Security Modernization Act of 2014 (FISMA 2014), the agency chief information security officer (CISO) has the responsibility to ensure that the agency is meeting the requirements…

Treasury IG – Processes Are Not Sufficient to Assist Victims of Employment-Related Identity Theft

Treasury Inspector General for Tax Administration – Processes Are Not Sufficient to Assist Victims of Employment-Related Identity Theft. August 10, 2016. Reference Number: 2016-40-065. “Taxpayers identified as victims of employment-related identity theft are not notified. During the period February 2011 to December 2015, the IRS identified almost 1.1 million taxpayers who were victims of employment-related…

Article excerpt from new book – “Rise of the Machines: A Cybernetic History”

This article is published via the “Passcode – Modern field guide to security and privacy from The Christian Science Monitor”: The cypherpunk revolution – How the tech vanguard turned public-key cryptography into one of the most potent political ideas of the 21st century, by Thomas Rid, July 20, 2016. “…But amid the hype [in the 1990s with…

ACRL – Keeping Up With Cybersecurity, Usability, and Privacy

Snipped – via Bohyun Kim, Associate Director, Library Applications and Knowledge Systems, at the University of Maryland-Baltimore, Health Sciences and Human Services Library – Keeping Up With Cybersecurity, Usability, and Privacy: What is Cybersecurity? Cybersecurity is a broad term. It refers to the activities, practices, and technology that keep computers, networks, programs, and data secure…

The NIST Cybersecurity Framework and the FTC

Via Andrea Arias at the FTC: “…The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices. The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization…

Data Breach Aftermath and Recovery for Individuals and Institutions

Anne Johnson and Lynette I. Millett, Rapporteurs; Forum on Cyber Resilience Workshop Series; National Academies of Sciences, Engineering, and Medicine: “In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible…

BYU – Why We Disregard Security Warnings

BYU Marriott School News – “Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing…

theguardian – Police to hire law firms to tackle cyber criminals in radical pilot project

“Private law firms will be hired by police to pursue criminal suspects for profit, under a radical new scheme to target cyber criminals and fraudsters. In a pilot project by the City of London police, the lead force on fraud in England and Wales, officers will pass details of suspects and cases to law firms,…