Mapping security requirements for IT users at home and in small organisations. Emma Osborn. University of Oxford November 2018 Thesis.
Emma Osborn and Andrew Simpson. Computers & Security 2017 journal article.
Articles exploring some of the basics of cyber security, for anyone needing to develop their own cyber security function and wondering where to start.
People make mistakes... all the time. It's inevitable, it's difficult to fix with technology and represents at least one step in the majority of successful breaches. Technology helps people and cyber security makes sure technology is less likely to help people make mistakes.
In big organisations, cyber security has often reached a level of maturity where the “low hanging fruit” have been addressed. The next big challenge is to understand the risk that comes from the supply chain, which is populated with far smaller businesses.
Who do you invite through your security? Which documents bypass your controls? Who is looking over your shoulder? Security isn't just about the tech, it's about the people who use it too…
Commentaries on the adventures of running my own business…
I already knew from my research that the pressure to do good security was just one of many. I knew that the advice offered didn’t fit the business reality. We may ‘only’ be talking about passwords, updates and config… but security really is as hard in any context. So what are the 5 realities even a cyber security expert experiences?
Pragmatic cyber security for complex supply chains and the SMEs that live there. A reflection on how my research has influenced the way OCSRC works.
