Is AI For, or Against, Cybersecurity?

With the rapid proliferation of so-called AI (artificial intelligence) systems (many of which are really just rebranded expert systems), we cybersecurity professionals are confronted with two critical issues, namely: Can AI methods be used to improve the protection of our data, systems, and networks? And can AI systems be secured effectively? The distinguishing features between […]

Cybersecurity and Safety of AI and Robots

The article in The New Yorker of May 14, 2018 by Tad Friend with the title “Superior Intelligence: Do the perils of A.I. exceed its promise?” describes two schools of thought with respect to concerns that researchers have about both ANI (artificial narrow intelligence) and AGI (artificial general intelligence) systems, as follows: “Usually, those who […]

Featured Articles

The CIA Triad: Theory and Practice

() Recently published an article by Warren Axelrod entitled, It’s About Availability and Integrity (not so much Confidentiality). It appears that the article Read more…

6 Theories of Probability and 6 Reasons Why They Matter to ISRA

() While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide Read more…

Why the “Risk = Threats x Vulnerabilities x Impact” Formula is Mathematical Nonsense

() Every now and then I will find a security practitioner presenting the following formula when discussing information security risk analysis (ISRA). Risks = Threats x Read more…

Decision Theory is the Foundation for Information Security Risk Management

() Disclaimer: I originally wrote the following text as a post to a mailing list in 2005, but it still seems applicable today. The more I read the writings of various information Read more…

H1N1 Threat Overblown? Information Security Relevance? A Logic Proof

() “H1N1 was totally overblown. Nothing really terrible happened. No one suffered a pandemic and the resulting deaths were less in number than the deaths from the regular Read more…

Network Solutions “Hacked Account” Demonstrates Incompetence

() When in doubt, claim the account was hacked. That appears to be the reasoning of a Network Solutions Technical Support Representative. Normally I do not write about other Read more…

US Drones Hack: It’s The Same Old Story

() CNN reports that Iraqi insurgents were able to hack and view live feeds from US Spy Drones. The vulnerability was a non-technical one. The article summarized the issue as thus: Read more…

DHS Security Control May Improve Airport Economy

() It turns out that banning water on airplanes may help improve the vendor economy in airports. The idea is simple. Since passengers may not carry water onto airplanes when Read more…

Video: Hard Drives – Watch Them Shred

() While it’s the dream of almost every information security department to send their hard drives off to the shredder to destroy sensitive data, few of us have actually Read more…

Being Evil versus Doing Harm

() Mea culpa. …. Craig Heath rightly states that the Google motto is “Don’t be evil” and not “Do no harm,” as I had misquoted in my column Read more…

Google Doing Harm

() As we all know, Google’s motto is (was?) “Do no harm” … which, it appears, they took directly from the modern version of the physician’s Hippocratic Read more…

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

() This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or Read more…

Passwords – Déjà Vu All Over Again

() With due credit to Yogi Berra, I found myself groaning “not again” when reading Randall Stross’s article “Goodbye, Passwords. You Aren’t a Good Read more…

Security and Audit – BFFLs? Maybe not, but…

() …we may have lots of reasons to work together more closely. Maybe it is just the luck of the draw that at almost every employer for the last 15 years, I have been the one Read more…

What is Russell Handorf’s Secret?

() Russell Handorf seems to have a secret that has been withheld from the ten other contributors to bloginfosec.  Russell himself may know this secret, although it’s quite Read more…

Recent Articles

Is AI For, or Against, Cybersecurity?

Cybersecurity and Safety of AI and Robots

Securing the Critical Infrastructure—Two Lost Decades

Oh, BTW, The Russians Cyberattacked the U.S. Critical Infrastructure

Cybersecurity Fails … Government Not Keeping Up

Crossing Privacy’s Red Line

Cybersecurity vs. Convenience

What Cyber Security Can Teach Us About Preventing Mass School Shootings

Privacy Losses Led to Secrecy Fails

Did NIST Plagiarize My Security-Privacy Venn Diagram?

Orwellian Behavioral Economics and Privacy Risk

The Spectre of Chip Meltdown

Privacy and the Sharing Economy

Is Secrecy Over?

Cybersecurity and the Real Future of Fully-Autonomous Vehicles

Cyberwarfare … Back(up) to Basics

Catastrophes and Information Security Risk

Peter Tippett is the 2017 ISE® Luminary Leader

Where Auto-Auto Security and Safety Risks Lie

Global Cybersecurity Standards … Another Plea

Cybersecurity Risk Model … Implicit or Explicit Consensus?

Taxing Computers and Robots … Revisited

Security and Safety Co-Engineering Revisited

Cybersecurity’s “Forward to the Past”

AI Systems’ Security and Safety … A No-Brainer?

Conflict vs. Consensus Cybersecurity Risk Models

Protecting In-Vehicle, Vehicle-to-Vehicle, and Ex-Vehicle Systems

Campaign Lessons Learned—Part 3: Authenticity, Authority and Access

Cybersecurity Risk Metrics … Why Don’t They Get It?

HAL as Your Car’s Co-Pilot

IoTR, IoTA, Cybersecurity and Safety

Do You Care One IoTA? You Should!

Campaign Lessons Learned—Part 2: Big Data vs Polls

Auto Autos—Take the Fork

Campaign Lessons Learned—Part 1: Email Security