Better Metrics Needed to Assess Security of Critical Infrastructure?

This is actually an interesting discussion: Critical Infrastructure: Better Cybersecurity Metrics Needed. From a high level view there is nothing you can object here. Definitely we need better metrics and definitely it would help us to understand the maturity of security in any given company – not just the critical infrastructure. But wait, I think…


Lessons from Morgan Stanley – is monitoring outgoing data the silver bullet?

A lot of articles are looking into the Morgan Stanley breach case, which is definitely an interesting story all by itself. An employee illegally accesses information and stores it on his home server. Obviously not a very smart thing to do but initially it rested there. It would be interesting to understand what he planned to…


Top 15 Security Predictions for 2016

No, they are still not coming from me but this article is actually really interesting: Top 15 security predictions for 2016. A few of them are remarkable: At your criminal service (Kaspersky/Seculert) The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat.…


Time for Adobe Flash is more than over

The initial security discussion was all about browsers: Which one shows less vulnerabilities, which one is more secure? There were even government agencies in Europe recommending the use of a different browser every other week based on the “vulnerability de jour”. This changed a bit and modern browsers are more or less out of focus…


Blackout of Critical Infrastructure – it will be about Resilience this year

Remember the prediction we have seen in a lot of “what security brings us in 2016” that we will see failure of critical infrastructure due to security incidents. Well, it seems that news just waited for the year to turn 2016 to appear (not exactly, the US news appeared late December): The US Power grid…


Recommendations for Intelligent Public Transportation

We talked a lot about critical infrastructure protection – especially in the light of failures thereof. Therefore I really like some of the work ENISA does on recommendations for them.

Here is a new one for intelligent public transportation: Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations