An Automated Framework for Cybersecurity Policy Compliance Assessment against Security Control Standards
Organizational cybersecurity policies are often examined to determine whether they adequately comply with standard security controls. This task is difficult because control statements are abstract, whereas policy documents describe governance practices in varied natural language. As a result,...
Cybersecurity Policy Adoption in South Africa: Does Public Trust Matter?
This study examines how public perception influences the implementation and adoption of cybersecurity frameworks in South Africa. Using the PRISMA methodology, a systematic literature review was conducted across reputable scholarly databases, yielding 34 relevant sources aligned with predefined...
Securing our future: November 2025 progress report on Microsoft’s Secure Future Initiative
When we launched the Secure Future Initiative (SFI), our mission was clear: accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future. Today, we’re sharing our latest progress report that reflects steady progress in every area and engineering pillar,...
Designing Proportionate Cybersecurity Frameworks for European Micro-Enterprises: Lessons from the Squad 2025 Case
Micro and small enterprises (SMEs) account for most European businesses yet remain highly vulnerable to cyber threats. This paper analyses the design logic of a recent European policy initiative -- the Squad 2025 Playbook on Cybersecurity Awareness for Micro-SMEs -- to extract general principles fo...
I’m Spending the Year at the Munk School
This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. It's not a real sabbatical--I'm just an adjunct--but it's the same idea. I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a...
The US Supreme Court Kneecapped US Cyber Strategy
After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact...
Why is the cost of cyber insurance rising?
I just bought an electric car last week, so I've been shopping for new car insurance policies that could offer me a discount for ditching gas. We're all familiar with the boring process of entering the same information 10 times over into 10 different companies' websites trying to see who comes out t...
How small businesses can secure employees' mobile devices
Fact: 77% of organizations are convinced they're capable of protecting their mobile devices--smartphones, tablets, and laptops including Chromebooks--from cybersecurity threats. Another fact: A third of those organizations aren't protecting their mobile devices at all. And that matters--in its...
[Security Nation] Michael Daniel on the Cyber Threat Alliance
In this episode of Security Nation, Jen and Tod chat with Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA), as well as a co-chair on the IST’s...
A Cybersecurity Policy Agenda
The Aspen Institute's Aspen Cybersecurity Group -- I'm a member -- has released its cybersecurity policy agenda for the next four years. The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society. Policymakers in the White...
The Security Failures of Online Exam Proctoring
Proctoring an online exam is hard. It's hard to be sure that the student isn't cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they're uniformly...
Policy vs Technology
Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. He didn'...
FBI Plans to Inform States of Election Breaches
The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked. The move—revealed in a media briefing Thursday and then published online later that day—extends the number of election officials who are...
Reputation management in the age of cyberattacks against businesses
Avid readers of the Malwarebytes Labs blog would know that we strive to prepare businesses of all sizes for the inevitability of cyberattacks. From effectively training employees about basic cybersecurity hygiene to guiding organizations in formulating an incident response (IR) program, a...
Businesses: It’s time to implement an anti-phishing plan
Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too. Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don't already have o...
Building on experience: a framework for cybersecurity policy
Each year, more and more governments are developing policies to address security challenges presented by an increasingly digitized world. And to support those efforts, I'm excited today to announce the release of Microsoft's new Cybersecurity Policy Framework, a resource for policymakers that...
Harley Geiger on Cybersecurity Policy
Harley Geiger, director of public policy at Rapid7, talks to Threatpost editor Mike Mimoso at RSA Conference 2017 about how policy goes hand in hand with technology when it comes to cybersecurity, the government’s focus on IoT and critical infrastructure, and the role independent security researc...
Government, Industry Focusing on Issue of Resiliency
WASHINGTON–As things stand right now, the United States has no overarching national information security policy or centralized agency responsible for defending the government’s networks in the event of a serious cyberattack. There have been many pushes over the years to change that and put one...
Dan Geer: Security at the Forefront of Policy Decisions
LAS VEGAS – Dan Geer carried his version of computer security’s Ten Commandments to a rapt Black Hat 2014 audience today, offering up 10 personal recommendations and observations related to the current state of security in the context of government surveillance and eroding privacy. Adorned in...
A cynic's take on cyber czars and 60-day reports
On July 17, 2008, then Senator Barack Obama held a town hall meeting on national security at Purdue University. He and his panel covered issues of nuclear, biological and cyber security. I blogged about the event here and here. As part of his remarks at the event, Senator Obama stated: Every...