Helping Users Understand Cybersecurity: Confidentiality Becomes Privacy
Aug 30, 2017
In early August I made the heretical suggestion of replacing “CIA” with “PAR”, as in Privacy, Accuracy, and Reliability. Grim talk about “The CIA Triad” suggests to many users that it is nothing for them. But we can’t have information security without user understanding and involvement! We talk about CIA in Learning Tree’s System and […]
How Can We Help Users Improve Security?
Aug 2, 2017
Maybe we should rename CIA. I don’t mean the government agency by that name. I’m risking heresy by saying that the tired old acronym CIA for Confidentiality, Integrity, and Availability isn’t sacred text. We talk about CIA in Learning Tree’s System and Network Security Introduction course. Let’s take a critical look at it here. I’ve […]
Cyber Security Requires Cautious Logic
Jul 21, 2016
If we don’t carefully distinguish between necessary and sufficient when we are analyzing information assurance systems, we may become dangerously confident in a system that is actually quite weak. This Isn’t A New Problem Cryptography enthusiast Edgar Allan Poe wrote, in “A Few Words On Secret Writing” in Graham’s Magazine in July 1841: “Few persons […]
File System Encryption: When Is It Worthwhile?
Mar 14, 2016
Encryption is used to protect confidentiality. But what role should it play within your operating systems for protecting file systems? The answer, as so often, is “it depends.” Physical Theft A laptop or detachable media such as USB-connected external disks and thumbdrives could easily be stolen or lost. Especially with smaller objects, you may not […]
Mar 10, 2016
Last week I explained why government-imposed backdoors cause more problems than they solve, and government-imposed weaknesses from the 1990s are still causing SSL/TLS security problems. Let’s see some of the other ways backdoors have spectacularly failed. This is nothing new The problem of insider abuse goes back to an era when letters and telegrams were […]