I blogged on Day 1 and Day 2 but as I expected, I was unable to blog yesterday on the conference. However, let me just briefly give you my impression of the final day: The core part of this last day was a whole block on Cloud Computing. There were different presentations on the subject…Details
A few years ago, the Budapest Convention on Cybercrime was signed within the Council of Europe. Since then it was ratified all across the globe by a lot of countries or at least used as the base for legislation. Since a few years as well, the Council of Europe is organizing a conference on Cooperation…Details
And the second day starts. I just met with Jeremy Kirk from IDG and it is great to see that the press is actually interested in such a conference as well. The day today started with a long session on different initiatives against cybercrime. A lot of good information: Interpol offers quite some good services…Details
l am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there allowing a wide adoption of…Details
As you saw from previous posts, I am at the Octopus Conference on Cooperation against Cybercrime at the moment. We had yesterday the Deputy Secretary General of the Council of Europe and one of her key statements was that different bodies (like the Council of Europe, UN etc.) should not compete. The Budapest convention by…Details
A few years ago, we saw a clear difference between state actors and criminals looking at the technologies and procedures they applied attacking an environment. Over time we have seen these two groups coming closer together. In the meantime, criminals seem to have caught up. They started to use more sophisticated and targeted malware and…Details
In my opinion, this is an interesting problem: We are very used to today’s asymmetric crypto algorithms, which all base on the problem that it is unbelievably hard to factor a very large number into primes. A hard mathematical problem and security of the Internet is based on it. Now, with quantum computing, this mathematical…Details
It is not my first post (Crypto and Quantum Computing) and I am sure it will not be my last. I am deeply convinced that quantum computing will create a nightmare some when in the industry. It does actually not need thousands of computers â€“ it just needs one and cryptography the way we know…Details
Last week, when I was in South Africa, a partner of us pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences. What I like is, that a lot of the items I was recently raising, where actually reflected in quotes by customers of Cloud providers as well as by the general findings of the study.
The final conclusion is to me that there are a lot of security benefits moving to the Cloud.
Ait ss you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at, when you try to migrate to the Cloud: Compliance and Risk Management Identity and Access Management Service Integrity Endpoint Integrity Information Protection…Details
As we all know, next week the new President of the United States will be elected. Behind the scenes a lot of teams are preparing the transition from President Bush to the new president. It seems now that a commission is getting ready to advise on cybersecurity for the next president. We will see how…Details
This morning I read an article on Infoworld: Why you should care about cyber espionage which â€“ to me â€“ is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven espionage not only targets state’s secrets but industrial espionage…Details
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed Forces Law Enforcement Judges…Details
I have to admit â€“ it is not my title but it caught my attention. Over the course of the last few years, the term â€œCyberwarâ€ came up all over the place. I was recently reading a book on it, where there was a chapter called â€œDefinition of Cyberwarâ€ and I thought that finally somebody…Details
It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud â€“ like any other business. Some way back, there were discussions on how to leverage GPUs to crack passwords: Graphics Cards…Details
The question about underground prices is often coming up – often only for curiosity. However, this pricelist is extremely important if we try to understand at least the motivation and the business case of criminals. Let’s look at a simple business case for a criminal. On the upside we have two bullets: Economical gain –…Details
Thatâ€™s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate!
Cybercrime: A Recession-Proof Growth Industry
The White House released a framework for the critical infrastructure regarding Cybersecurity. The interesting part is, that it is not based on a certification approach but on risk management. Definitely the right mindset as it allows companies to move away from compliance management to risk management. I am absolutely convinced that managing compliance has its…Details
Years ago information security or cybersecurity was in the hands of specialists, which set the rules and the users had to follow â€“ in theory. Whether the users really followed the rules, policies and recommendations is a different story but it worked that way. I rarely remember a CIO/CFO or CEO really being interested in…Details