<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>risk assessment &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/risk-assessment/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Fri, 02 Aug 2024 23:00:05 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>The CrowdStrike Outage and Market-Driven Brittleness</title>
		<link>https://noise.getoto.net/2024/07/25/the-crowdstrike-outage-and-market-driven-brittleness/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 25 Jul 2024 18:37:40 +0000</pubDate>
				<category><![CDATA[economics of security]]></category>
		<category><![CDATA[externalities]]></category>
		<category><![CDATA[incentives]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69194</guid>

					<description><![CDATA[<p>Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly <a href="https://www.independent.co.uk/tech/microsoft-outage-crowdstrike-global-it-flights-banks-windows-b2582964.html">7,000 flights were canceled</a>. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely be in the <a href="https://www.theguardian.com/technology/article/2024/jul/24/crowdstrike-outage-companies-cost">billions of dollars</a>­—easily matching the most costly previous cyberattacks, such as <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">NotPetya</a>.</p>
<p>The catastrophe is yet another reminder of how brittle global internet infrastructure is. It’s complex, deeply interconnected, and filled with single points of failure. As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New SEC Rules around Cybersecurity Incident Disclosures</title>
		<link>https://noise.getoto.net/2023/08/02/new-sec-rules-around-cybersecurity-incident-disclosures/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 02 Aug 2023 11:04:06 +0000</pubDate>
				<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[disclosure]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67607</guid>

					<description><![CDATA[<p>The US Securities and Exchange Commission adopted <a href="https://www.sec.gov/files/33-11216-fact-sheet.pdf">final rules</a> around the disclosure of cybersecurity incidents. There are two basic rules:</p>
<ol>
<li>Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk.
</li><li>Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings.</li></ol>
<p>The rules go into effect this December.</p>
<p>In an email newsletter, Melissa Hathaway wrote:...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On the Catastrophic Risk of AI</title>
		<link>https://noise.getoto.net/2023/06/01/on-the-catastrophic-risk-of-ai/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 01 Jun 2023 11:17:46 +0000</pubDate>
				<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=67407</guid>

					<description><![CDATA[<p>Earlier this week, I signed on to a short <a href="https://www.safe.ai/statement-on-ai-risk">group statement</a>, coordinated by the Center for AI Safety:</p>
<blockquote><p>Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.</p></blockquote>
<p><a href="https://www.nytimes.com/2023/05/30/technology/ai-threat-warning.html">The</a> <a href="https://www.theverge.com/2023/5/30/23742005/ai-risk-warning-22-word-statement-google-deepmind-openai">press</a> <a href="https://apnews.com/article/artificial-intelligence-risk-of-extinction-ai-54ea8aadc60d1503e5a65878219aad43">coverage</a> <a href="https://www.wired.com/story/runaway-ai-extinction-statement/">has</a> <a href="https://www.bbc.com/news/uk-65746524">been</a> extensive, and surprising to me. The <i>New York Times</i> headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” <i>BBC</i>: “Artificial intelligence could lead to extinction, experts warn.” Other headlines are similar.</p>
<p>I actually don’t think that AI poses a risk to human extinction. I think it poses a similar risk to pandemics and nuclear war—which is to say, a risk worth taking seriously, but not something to panic over. Which is what I thought the statement said...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Securing Your Smartphone</title>
		<link>https://noise.getoto.net/2021/11/15/securing-your-smartphone/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 15 Nov 2021 14:18:15 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[smartphones]]></category>
		<category><![CDATA[threat models]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=64052</guid>

					<description><![CDATA[This is part 3 of Sean Gallagher&#8217;s advice for &#8220;securing your digital life.&#8221;
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Advice for Personal Digital Security</title>
		<link>https://noise.getoto.net/2021/11/11/advice-for-personal-digital-security/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 11 Nov 2021 12:06:11 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[security analysis]]></category>
		<category><![CDATA[threat models]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63857</guid>

					<description><![CDATA[ArsTechnica&#8217;s Sean Gallagher has a two&#8211;part article on &#8220;securing your digital life.&#8221;
It&#8217;s pretty good.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Presidential Cybersecurity and Pelotons</title>
		<link>https://noise.getoto.net/2021/02/05/presidential-cybersecurity-and-pelotons/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 05 Feb 2021 11:58:56 +0000</pubDate>
				<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[essays]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[laws]]></category>
		<category><![CDATA[national security policy]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[software liability]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=61901</guid>

					<description><![CDATA[<p>President Biden wants his Peloton in the White House. For those who have missed <a href="https://www.washingtonpost.com/arts-entertainment/2019/12/12/peloton-wife-gets-it-is-laughing-along-with-everyone-else/?itid=lk_inline_manual_2">the hype</a>, it’s an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that is a <a href="https://www.nytimes.com/2021/01/19/us/politics/biden-peloton.html">security risk</a>, especially if you are the president of the United States.</p>
<p>Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and — yes — exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the NSA to help him handle them...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Legal Risks of Security Research</title>
		<link>https://noise.getoto.net/2020/10/30/the-legal-risks-of-security-research/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Fri, 30 Oct 2020 14:14:26 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[business of security]]></category>
		<category><![CDATA[courts]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60408</guid>

					<description><![CDATA[<p>Sunoo Park and Kendra Albert have published &#8220;<a href="https://clinic.cyber.harvard.edu/files/2020/10/Security_Researchers_Guide-2.pdf">A Researcher&#8217;s Guide to Some Legal Risks of Security Research</a>.&#8221;</p>
<p>From a <a href="https://clinic.cyber.harvard.edu/2020/10/30/cyberlaw-clinic-and-eff-publish-guide-to-legal-risks-of-security-research/">summary</a>:</p>
<blockquote><p>Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA &#167;1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.</p>
<p>Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance. Aimed at researchers, the public, and technology lawyers alike, its aims both to provide pragmatic guidance to those navigating today&#8217;s uncertain legal landscape, and to provoke public debate towards future reform...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>On Risk-Based Authentication</title>
		<link>https://noise.getoto.net/2020/10/05/on-risk-based-authentication/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 05 Oct 2020 16:47:01 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[authentication]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[risks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[usability]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60286</guid>

					<description><![CDATA[<p>Interesting usability study: &#8220;<a href="https://riskbasedauthentication.org/download/rba-perceptions-paper.pdf">More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication</a>&#8220;:</p>
<blockquote><p><b>Abstract</b>: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Negotiating with Ransomware Gangs</title>
		<link>https://noise.getoto.net/2020/09/30/negotiating-with-ransomware-gangs/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 30 Sep 2020 11:19:19 +0000</pubDate>
				<category><![CDATA[ransomware]]></category>
		<category><![CDATA[risk assessment]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=60274</guid>

					<description><![CDATA[<p>Really interesting <a href="https://redtape.substack.com/p/whats-it-really-like-to-negotiate">conversation</a> with someone who negotiates with ransomware gangs:</p>
<blockquote><p>For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, can perhaps be comported so as not to break any laws (like anti-terrorist laws, FCPA, conspiracy and others) &#173; and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination &#173; almost like a cost-benefit analysis...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 33/169 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 22:04:44 by W3 Total Cache
-->