Policy and Law

The policies of governments, standards bodies, industry organizations and even large companies have an impact on the cybersecurity landscape. The intention of policy and law is to prevent or remediate criminality, abuse and even espionage. We can easily categorize policies into those that are drafted by technical professionals, and are to some degree forward-thinking, and those that are drafted by policy generalists, which are often reactionary, and even defined by media spin.

Governmental Organizations

European Union Agency for Network and Cyber Security

"ENISA provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe"

NIST Cybersecurity Framework

"Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure"

National Center of Incident Readiness and Strategy for Cybersecurity

Japanese Government's Efforts to Address Information Security Issues; ASEAN-Japan Collaboration on Information Security

Fraud versus Anti-Fraud

Email spoofing is a tool in the commission of wire fraud. (Case in point...)

DMARC — Defeating E-Mail Abuse (PDF)

It could happen to anyone…don't let your business be next


Cybersecurity Topics
The news produced by and for the cybersecurity community is markedly different than the news that is produced for general public consumption. Many cybersecurity professionals have an engineering or computer science background, and as such, there is an appreciably lower tolerance for bias, spin, and fake news. Still, take anything you read online with a grain of salt, and keep reading, because we are unlikely to ever hear the final word on anything of interest.
"...Software is malleable and easily changed. This quality is advantageous to core functionality, but is harmful to security as well as performance..." "Last minute changes to design -- and future improvements -- are easily accommodated. But this malleability creates a broader surface for attack."
Someday I will have something intelligent to say about hardware security. Hopefully, someday soon.
Cryptography is the art of making an intentional message unreadable to anyone who does not know/have the key. The art of cryptography is informed by mathematics and computer science. Cryptography is an all or nothing game: once your cipher is broken, all your efforts are lost. But until then, you are undefeatable.
So much to learn, so little time. Of course, cybersecurity is an interdisciplinary field, and a subfield of several other important fields of knowledge. Namely: information theory, computer science, and mathematics. There are of course other important areas, but I think for right now my interest lies mainly in these three areas, and these are the sorts of notes I would like to keep here.