Tuesday, January 24, 2017

What constitutes cybersecurity education?

Cybersecurity Education (http://www.csec2017.org/): proposals for the curriculum needed for cyber training and education.

What's the need? http://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html
An extract:
An analysis of the cybersecurity job market looking back at 2014, the first half of 2015, and projecting out to 2019, reveals some interesting figures. For instance, the top paying cybersecurity job is a security software engineer with an average annual salary of $233,333, according to a recent report from the job board Dice. That tops the salary for a CSO which is $225,000.

But the big story in the cybersecurity labor market is a severe workforce shortage.

“The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million,” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor. Not long before Brown's statement, the Cisco 2014 Annual Security Report warned that the worldwide shortage of information security professionals is at 1 million openings, even as cyberattacks and data breaches increase each year.

Wednesday, January 11, 2017

Off The Record communications

The title of the paper has a byline: “Why Not To Use PGP”. Sometimes, private back channel conversations are best when:
  • They are confidential and kept private between the participants, so the messages should be encrypted in transit.
  • The parties are clearly authenticated / identified, so you know who you’re talking to.
  • They offer repudiation: the conversation must remain unverifiable to third parties, whereas conventional encryption would identify and verify who said what (and when) if keys were later compromised or broken.
PFS (perfect forward secrecy) is desirable in these use cases since “compromise of long-term keys does not compromise past session keys”. From the article, “If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered.”
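The three properties above (confidentiality, integrity between the two parties, repudiation towards everyone else) and the role of ephemeral keys in forward secrecy can be seen in a small simulation. This is an added illustration, not code from the paper or from the OTR project: it uses a toy Diffie-Hellman group and a hash-based stream cipher, both assumptions chosen only to keep it dependency-free, and it omits the long-term-key authentication of the exchange that a real protocol adds.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption: a 127-bit Mersenne prime, chosen
# only to keep the example self-contained; real deployments use standard groups).
P = (1 << 127) - 1
G = 3


def dh_keypair():
    """Fresh ephemeral key pair; the private part is discarded after the session."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_keys(priv, peer_pub):
    """Derive separate encryption and MAC keys from the shared DH secret."""
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return (hashlib.sha256(b"enc" + shared).digest(),
            hashlib.sha256(b"mac" + shared).digest())


def keystream(key, n):
    """SHA-256 in counter mode as a stand-in stream cipher (illustration only)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def protect(enc_key, mac_key, msg):
    ct = bytes(a ^ b for a, b in zip(msg, keystream(enc_key, len(msg))))
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()


def unprotect(enc_key, mac_key, ct, tag):
    """Returns None if the tag does not verify under the shared MAC key."""
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, len(ct))))


def otr_style_session(plaintext):
    """One exchange: ephemeral agreement, an authenticated message, and a forgery."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_enc, a_mac = session_keys(a_priv, b_pub)
    b_enc, b_mac = session_keys(b_priv, a_pub)
    ct, tag = protect(a_enc, a_mac, plaintext)
    received = unprotect(b_enc, b_mac, ct, tag)
    # Repudiation: Bob holds the same MAC key, so any tag he can verify is one he
    # could have produced himself; the transcript proves authorship to nobody else.
    forgery_verifies = unprotect(a_enc, a_mac, *protect(b_enc, b_mac, b"never said")) is not None
    # Integrity between the two parties is still enforced: a flipped bit is rejected.
    tampered_rejected = unprotect(b_enc, b_mac, ct[:-1] + bytes([ct[-1] ^ 1]), tag) is None
    # Forward secrecy: with the ephemeral privates gone, nothing kept long-term can
    # reproduce the session keys, so a later compromise does not expose this session.
    del a_priv, b_priv
    return received, forgery_verifies, tampered_rejected
```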

If it is useful to have a verifiable record, use PGP and proper signatures.

If you want to just float an idea privately, say among representatives of nations with externally antagonistic views, or peace talks among parties in the Middle East, “just us girls talking”, OTR protocols can be great ways to explore options without being held to previous statements. OTR conversations allow participants to more freely speculate about a wide range of options, which is very much in the nature of human conversation that is not formally recorded.

Preliminary conversations relating to merger and acquisitions, or collaborations, might be helped by a properly implemented "off the record" conversation. Until the concept gains general understanding and acceptance, however, it seems unlikely that such benefits will become widely used.

Separately, Forward Anonymity has a different emphasis and objective, in that the identities of the participants should not be discoverable after the fact.