Patents are generally held to be granted on devices, or inventions. In recent years, United States patents have been granted on processes, and even software. "Patent Absurdity" is a half hour video outlining the dangers and difficulties surrounding the granting of software patents. The interviews take place around the "Bilski" case appeal before the Supreme Court. (The "Bilski" case decision is generally held to strike down software patents, but is still the subject of a good deal of debate.) Read more →
43 posts categorized "Legal"
05 May 2010
Patent Absurdity
Posted by Rob Slade on 05 May 2010 at 12:26 AM in Cybersecurity Training, Ethics, Legal, Risk | Permalink
|
Comments (0)
02 February 2010
SSN algorithm
Given the importance and wide use of US Social Security Numbers (even though the use is legally restricted), this article on how to determine SSNs is fairly important. Read more →
Posted by Rob Slade on 02 February 2010 at 05:47 PM in Cybersecurity Training, Legal, Privacy | Permalink
|
Comments (0)
26 January 2010
Shariah and Cybercrime
From the International Journal of Cyber Criminology, "Shariah Law and Cyber-Sectarian Conflict: How can Islamic Criminal Law respond to cyber crime?" This paper looks at the concepts in Islamic Shariah law that relate to specifically computer or information system related crimes. The paper is possibly not a complete examination, but is not hopeful as regards the ability to criminalize cybercrime. Also available as PDF. Read more →
Posted by Rob Slade on 26 January 2010 at 12:57 PM in Cybersecurity Training, Ethics, Legal | Permalink
|
Comments (0)
17 November 2009
DataLossDB
The Open Security Foundation's (OSF) DataLossDB project is an interesting resource for information about data and confidentiality breaches. At a glance, it gives you news, latest breaches, a timeline of breach numbers, a "top ten" list, and other references you can use in security awareness materials, or for risk analysis. Read more →
Posted by Rob Slade on 17 November 2009 at 11:02 PM in Cybersecurity Training, IT Security, Legal, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
Data sanitization
This article is originally from the IEEE Security and Privacy magazine, circa 2003. As such, some of the programs noted are out of date or obsolete. However, a number are still available and in use, and the basic concepts outlined are still valuable. Read more →
Posted by Rob Slade on 17 November 2009 at 10:39 PM in Cybersecurity Training, Digital Forensics, IT Security, Legal, Operations Security, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
15 November 2009
US cyber policy review
This paper, directed from the US White House, may be the structure for US information, networking, and infrastructure policy over the next seven years. While vague, it does give some indication of directions. Read more →
Posted by Rob Slade on 15 November 2009 at 07:13 PM in Cybersecurity Training, IT Security, Legal, Operations Security, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
06 November 2009
Free licence
Interesting piece by an author who explains why he is not upset by, and even wants people, "pirating" his book, which is published under the GNU Free Documentation License. Read more →
Posted by Rob Slade on 06 November 2009 at 03:19 PM in Cybersecurity Training, Legal | Permalink
|
Comments (0)
|
TrackBack (0)
25 September 2009
DoD IA Policy Chart
For your information, the Defense-wide Information Assurance Program (DIAP) has just released the IA Policy Chart via the IATAC web site at http://iac.dtic.mil/iatac/ia_policychart.html. The chart, plus background notes can be found at that site. In addition, the IA Policy Chart will be included as a centerfold in the January 2010 edition of the IATAC’s IAnewsletter. The goal of the IA Policy Chart is to capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme. The use of color, hatching, fonts and hyperlinks are all designed to provide... Read more →
Posted by John Dittmer on 25 September 2009 at 12:49 AM in Cybersecurity Certifications, Cybersecurity Training, Insider Risk, IT Security, Legal, Malware, Network Security, Operations Security, Privacy, Risk, Software Development | Permalink
|
Comments (0)
|
TrackBack (0)
22 August 2009
Should the CISSP CBK be improved to place greater emphasis on “human factors” in information security? Definitely Yes!
Should the CISSP CBK be expanded to cover "human factors" in security? [1] Add “Human Factors” No.[2] Clearly, human factors are a major component to information security and Gary Hinson presents effective arguments that they should be established as an additional domain. On the other hand, Rob Slade makes an effective argument that the human factors are a significant component of each of the current ten domains primarily based on his experience teaching the CBK® to CISSP® aspirants for (ISC)²®. In full disclosure, I also teach the CBK® to CISSP® aspirants, but not for (ISC)²®, but at a local college.... Read more →
Posted by Bob Johnston on 22 August 2009 at 05:56 PM in Cybersecurity Certifications, Cybersecurity Training, Digital Forensics, Ethics, IT Security, Legal, Network Security, Operations Security, Privacy, Risk, Software Development | Permalink
|
Comments (1)
|
TrackBack (0)
10 August 2009
Add "human factors"? No.
OK, Gary has asked if the CISSP CBK should be expanded to cover "human factors" in security? And I answer "No." With that kind of beginning, you could be forgiven for thinking that I disagree with Gary about the importance of human factors in security. Nothing could be further from the truth. I agree with everything he has said about the fundamental significance of human factors in information security, as well as the difficulty of dealing with them, and will defend to the death his right to say it. What I disagree with is the question. The CBK already addresses... Read more →
Posted by Rob Slade on 10 August 2009 at 10:04 PM in Cybersecurity Certifications, Cybersecurity Training, Ethics, Insider Risk, IT Security, Legal, Malware, Operations Security, Privacy, Risk | Permalink
|
Comments (2)
|
TrackBack (0)
11 July 2009
Are policies mandatory and guidelines optional?
Although this is often expressed, I fundamentally disagree that policies are mandatory whereas guidelines are optional. This to me is a rather naïve assessment, and is distinctly unhelpful, misleading even. Let me explain. For a start, do you truly understand the distinction between "mandatory" and "optional"? Are they really (as some claim) as different as binary and analogue? I beg to differ. In my world, they are both analogue concepts. They are both a matter of degree. Occasionally by "mandatory" the information security manager or CISO probably does mean an absolute hard-and-fast rule with no exemptions (authorized non-compliance) or exceptions... Read more →
Posted by Gary Hinson on 11 July 2009 at 05:47 PM in Ethics, Insider Risk, Legal | Permalink
|
Comments (1)
|
TrackBack (0)
04 July 2009
Security Economics
With some similarities to "Geekonomics," this article by Ross Anderson, Rainer Bohme, Richard Clayton and Tyler Moore points out the economic factors that tend to keep information security as a low priority. They also point out a number of activities and policies which can help. (This paper was written in late 2007, but it still depressingly relevant.) Read more →
Posted by Rob Slade on 04 July 2009 at 11:38 PM in Cybersecurity Training, IT Security, Legal, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
09 June 2009
Open Source Computer Forensics Manual
The Open Source Computer Forensics Manual doesn't have a lot in it, and it only covers the basic approach, but it is reasonable at that. Maybe someone can get the project restarted. Read more →
Posted by Rob Slade on 09 June 2009 at 05:49 PM in Cybersecurity Training, Digital Forensics, Legal, Operations Security | Permalink
|
Comments (0)
|
TrackBack (0)
US Cybercrime site
US Department of Justice Computer Crime and Intellectual Property site with news stories, related (US) laws, and some documents related to digital evidence, investigation, and prosecution. Read more →
Posted by Rob Slade on 09 June 2009 at 04:57 PM in Cybersecurity Training, Digital Forensics, Insider Risk, Legal | Permalink
|
Comments (0)
|
TrackBack (0)
08 May 2009
Is U.S. ICE the New FISMA?
The United States Information and Communications Enhancement Act of 2009 (U.S. ICE Act of 2009) was introduced to the Senate on April 28, 2009. This bill, if successfully passed, would overhaul the provisions currently in FISMA and seek to strengthen information security in the federal government. Link to full text: http://www.govtrack.us/congress/billtext.xpd?bill=s111-921 As quoted by Sen. Tom Carper (D.-Del): “Instead of agencies wasting precious resources producing security plans that are outdated as soon they are printed, my bill requires agencies to continuously monitor their networks for cyber intrusions and malicious activities, take steps to address their vulnerabilities, and then regularly test... Read more →
Posted by Matthew Metheny on 08 May 2009 at 07:41 AM in IT Security, Legal | Permalink
|
Comments (0)
|
TrackBack (0)
18 April 2009
Proceeds of crime
The Supreme Court of Canada has struck down a challenge to a provincial law enabling seizure of proceeds of crime. Under the provincial law, proceeds could be seized under a civil action, without a conviction for a crime having taken place. A report appeared in the Vancouver Sun. The challenge appears to have stressed the jurisdictional issues. (In Canada, criminal law is a matter for the federal government: the provinces do not make their own criminal laws.) However, there is also the matter of burden of proof. Under criminal law (under a Common Law system, at any rate), the charge... Read more →
Posted by Rob Slade on 18 April 2009 at 11:25 PM in Cybersecurity Training, Ethics, Legal, Privacy, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
29 March 2009
GhostNet
The tracking (and scope) of GhostNet, a significant example of the use of malware and botnets for espionage. Some items of this were given in a story in the New York Times. There is also related work in a report out of Cambridge (full report in PDF)(which, like everything else Ross Anderson has written, is worth reading regardless of your level of interest). Read more →
Posted by Rob Slade on 29 March 2009 at 06:46 PM in Cybersecurity Training, Digital Forensics, IT Security, Legal, Malware, Network Security, Operations Security, Privacy, Risk | Permalink
|
Comments (0)
|
TrackBack (0)
19 March 2009
Secure data erasure
For all the trouble we have to take to protect, backup, and maintain our data, when we want to get rid of it, it turns out to be remarkably difficult. Do we delete Overwriting delete? Overwrite 40 times? Overwrite 40 times including all the slack space? Degauss? Get out the thermite? This site presents a faster and easier option. There is software, and also a paper (possibly self-serving ...) explaining the option, and why it is very often good enough. Read more →
Posted by Rob Slade on 19 March 2009 at 09:16 PM in Cybersecurity Training, Digital Forensics, IT Security, Legal, Operations Security, Privacy, Risk | Permalink
|
Comments (2)
|
TrackBack (0)
22 February 2009
Injecting the Common into Security
According to several news articles Friday, February 20th, and documented on hackersblog.org by the hacker named Unu, the Security and A/V "giant" Symantec had a bit of a website face lift as a result of a SQL-injection vulnerability within the website. The website was defaced as can be seen in the following image: The stories and associated blog references can be found at the following links: http://www.itp.net http://news.softpedia.com http://www.hackersblog.org Granted, based on the articles and information so far, the "ethical hacker" Unu used this method of notification to "help" alert Symantec to the problem. Outside of the ethical issues surrounding... Read more →
Posted by Lester Nichols on 22 February 2009 at 10:11 PM in Ethics, IT Security, Legal, Malware, Network Security, Operations Security, Privacy, Risk, Software Development | Permalink
|
Comments (0)
|
TrackBack (0)
27 January 2009
A Mistaken Conviction Based on Digital Forensics – Part 2 – The Trial, Day 1
Department of Homeland Security Daily Open Source Infrastructure Report
During the pretrial examination we learned that there appeared to be sufficient basis to have excluded the forensic evidence yet that did not happen. Let us see what happened during the trial which allowed the forensic evidence for the prosecution to be presented to the court and considered by the jury during its deliberations which resulted in Julie Amero’s conviction on all counts. Before we do however, let us take a brief look at the community’s perspective of the crime and how that might have influenced their deliberation to some degree.... Read more →
Posted by Bob Johnston on 27 January 2009 at 10:16 AM in Digital Forensics, IT Security, Legal, Malware, Network Security | Permalink
|
Comments (0)
|
TrackBack (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (152)
- Center for Cyber Safety and Education (52)
- Cloud Security (128)
- Cybersecurity Certifications (373)
- Cybersecurity Training (305)
- Cybersecurity Workforce (232)
- Digital Forensics (28)
- Ethics (51)
- Government (112)
- Insider Risk (55)
- IT Security (362)
- Legal (43)
- Malware (107)
- Network Security (166)
- Operations Security (133)
- Privacy (108)
- Ransomware (75)
- Risk (188)
- Software Development (44)
- Spotlight (70)