The Future Series report was a joint venture between the World Economic Forum and the University of Oxford. It was designed to convene a range of experts in the field to discuss and research the issues arising from critical emerging technologies. The programme involved interviews, workshops and research, and this is the final output in the series.

(more…)

An information security assessment is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person—known as the assessment object) meets specific security objectives. Three types of assessment methods can be used to accomplish this—testing, examination, and interviewing. Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors.

(more…)

MITRE ATT&CK is an open framework and knowledge base of adversary tactics and techniques based on real-world observations ATT&CK provides a common taxonomy of the tactical objectives of adversaries and their methods Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviors.

(more…)

The coronavirus (Covid-19) pandemic has changed the way many organizations operate as remote work has become the norm. However, moving from a customary office to a home-based workstation — potentially as a long-term arrangement — poses new security risks for businesses as more threat actors attempt to capitalize on Covid-19-related unease.

(more…)

Payment fraud is a fact of life. Businesses and consumers need to be wary of it at all times. But during a crisis, extra vigilance is required. Criminals will seek to exploit new vulnerabilities and changes in behaviour. There have been reports of COVID-19 related scams across the UK.

(more…)