Human and Organisational Aspects of Security
In most of the famous past security incidents, the main issue was not technical.
Rather, systems failed because they put unreasonable requirements on their
users, risk models were insufficient or outdated, security was too hard to
integrate or too expensive to be economic, or the policies
and procedures of the organisation failed to integrate into the corporate
Together with university partners, we are working to analyse where the weak
spots in human and organisational behaviour are, and to develop countermeasures
and recommendations to mitigate these risks while supporting usability and
Another increasingly important aspect is the interaction of society and policy with security.
The increasing focus on 'Cyberwar', for example, has led many governments to actively collect
'Cyberweapons', both to prepare for a military conflict and to increase surveillance options. This in turn has had an impact on the vulnerability market. Researchers who find a vulnerability have less and less incentive to report it to the responsible vendor, and instead find it increasingly lucrative to sell it to governments. Due to the wide reach of software, any vulnerability that might help monitor potential terrorists also puts numerous civilian infrastructures in danger.
Am I a mercenary: Consequences of using the Law of War in Cyberspace.