security

12 August 2015 at 2:52pm
Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I've always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS's quiz), and creating "teachable moments" may well be a good way to help us all learn.
25 March 2015 at 8:51am
E-infrastructures are large computer systems with considerable processing and storage capacity, in some cases holding valuable or sensitive data. They are therefore likely to be attractive targets for attackers with a wide range of motivations. However, to support international research, e-infrastructures must be accessible to users located anywhere on the Internet. In many cases users will upload and run their own software or virtual machines and exchange large volumes of data over high-speed networks.
29 January 2015 at 9:32am
Tilmann Haak's presentation at this week's TF-CSIRT/FIRST meeting was on incorporating security requirements into software development processes using agile methods, but his key points seem relevant to any style of software or system development: