"In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe. Moreover through this document, ENISA aims to assist Member States in elaborating a national Cloud strategy implementation, to understand current barriers and suggest solutions to overcome those barriers, and to share the best practices paving the way for a common set of requirements for all Member States (MS)."
"For this study, we asked insurance underwriters about data breaches and the claim losses they sustained. We looked at the type of data exposed, the cause of loss and the business sector in which the incident occurred. For the first time, this year we also looked at the size of the affected organization. We then looked at the costs associated with Crisis Services (forensics, notification, credit monitoring, and legal counsel), Legal (defense and settlement), and Fines (PCI & regulatory). This report summarizes our findings for a sampling of 145 data breach insurance claims, 140 of which involved the exposure of sensitive data in a variety of sectors, including government, healthcare, hospitality, financial services, professional services, retail and many more."
"Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours."
"This document addresses the protection measures applied to safeguard sensitive and/or personal data, which has been acquired legitimately by a data controller. In this respect it discusses how information technology users, who have a basic knowledge of information security, can employ cryptographic techniques to protect personal data. Finally, it addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and/or sensitive data."
"This document collates a series of recommendations for algorithms, keysizes, and parameter recommendations. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and sensitive data of the citizens."
"One of the trends we’ve seen is how, as the word of the NSA’s spying has spread, more and more ordinary people want to know how (or if) they can defend themselves from surveillance online. But where to start? The bad news is: if you’re being personally targeted by a powerful intelligence agency like the NSA, it’s very, very difficult to defend yourself. The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone."
"The Fourth Circuit Court of Appeals is in the process of deciding the first legal challenge to government seizure of the master encryption keys that secure our communications with web sites and email servers. The case could decide the future reliability of encryption protocols to protect all Internet communications. While the government wants these keys to decrypt user information, there is really no acceptable way for the Court to order a secure communications service to break its encryption protocol. The danger to innocent users is too great, and there are network effects that would shatter critical trust in SSL implementation as a whole."
"The national and economic security of the United States depends on the reliable functioning of critical infrastructure. To strengthen the resilience of this infrastructure, President Obama issued Executive Order 13636 (EO), ‘Improving Critical Infrastructure Cybersecurity’ on February 12, 2013. This Executive Order calls for the development of a voluntary Cybersecurity Framework (‘Framework’) that provides a ‘prioritized, flexible, repeatable, performance-based, and cost-effective approach’ for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk."
"Many attempts have been made to replace the ubiquitous username-and-password authentication scheme in order to improve user security, privacy and usability. However, none of the proposed methods have gained widespread user acceptance. In this paper, we examine the users’ perceptions and concerns on using several alternative authentication methods on the Internet. We investigate the adoption of the new German national identity card, as it is the first eID-enabled card with dedicated features to enable privacy-preserving online authentication. Even though its large-scale roll-out was backed by a national government, adoption rates and acceptance are still low. We present results of three focus groups as well as interviews with service providers, showing that preserving privacy is just one of several factors relevant to the acceptance of novel authentication technologies by users as well as service providers."
"An identity theft service that sold Social Security and driver’s license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity."
"This report has been commissioned by BIS to map out the UK’s cyber security industry, and capture its dynamics. […] Within the broad IT sector, there are four major but inter-dependent trends that are reshaping the capabilities of technology and also restructuring the fundamental market dynamics of the industry. These trends are: cloud computing; mobility; social computing; and big data & analytics. These four key trends are driving growth in the IT sector, and their relationship with cyber security is fundamental. Each of these trends both impacts and is impacted by cyber security and that impact can be either positive or negative. Cyber security, then, is tied intrinsically to the shape of the overall IT market."
"You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this except to stop using it until the developers can update it."
"They started small. They took a single article from USA Today, isolated select phrases, and inputted them into their password crackers. Within a few weeks, they expanded their sources to include the entire contents of Wikipedia and the first 15,000 works of Project Gutenberg, which bills itself as the largest single collection of free electronic books. Almost immediately, hashes from Stratfor and other leaks that remained uncracked for months fell. One such password was ‘crotalus atrox.’ That’s the scientific name for the western diamondback rattlesnake, and it ended up in their word list courtesy of this Wikipedia article. The success was something of an epiphany […]"
"This report deals with the issue of how to enforce an adequate level of security across a sector of service providers. By way of response, we give an overview of 12 different audit frameworks or certification schemes for auditing security measures, used in different settings and sectors, which are aimed at ensuring that providers comply with certain security requirements. […] For each scheme we describe the overall setup and we depict the different entities and their roles in assessing or certifying compliance to the security requirements."
"This paper is divided into three sections. The first provides a fairly straightforward narrative account of Anonymous from 2005 to 2012, honing in on major events and turning points in its constitution and evolution. This chronology is necessary given Anonymous’ chameleon nature and the high degree of misinformation surrounding it. The second section briefly considers the core features of Anonymous, which shed light on its political significance. Section three focusses on the strengths and weaknesses of Anonymous as a protest movement."