all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Security policy audits: why and how. (arXiv:2207.11306v1 [cs.CR])

Add to bookmarks
July 26, 2022, 1:20 a.m. | Arvind Narayanan, Kevin Lee

cs.CR updates on arXiv.org arxiv.org

Information security isn't just about software and hardware -- it's at least
as much about policies and processes. But the research community overwhelmingly
focuses on the former over the latter, while gaping policy and process problems
persist. In this experience paper, we describe a series of security policy
audits that we conducted, exposing policy flaws affecting billions of users
that can be -- and often are -- exploited by low-tech attackers who don't need
to use any tools or exploit …

audits policy security security policy

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

A Graph Transformer-Driven Approach for Network Robustness Learning 13 hours ago | arxiv.org
analysis arxiv attack attacks +14
The Curse of Recursion: Training on Generated Data Makes Models Forget 13 hours ago | arxiv.org
arxiv chatgpt clear cs.ai +21
Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors 13 hours ago | arxiv.org
applications arxiv can challenge +18
LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and … 13 hours ago | arxiv.org
arxiv automated benchmarks bugs +14
Performance-lossless Black-box Model Watermarking 13 hours ago | arxiv.org
address arxiv assets backdoor +19
Radio Frequency Fingerprinting via Deep Learning: Challenges and Opportunities 13 hours ago | arxiv.org
air arxiv authenticate challenges +18
FuzzLLM: A Novel and Universal Fuzzing Framework for Proactively Discovering Jailbreak Vulnerabilities in Large Language … 13 hours ago | arxiv.org
arxiv attention can communities +18
Hiding in Plain Sight: Disguising Data Stealing Attacks in Federated Learning 13 hours ago | arxiv.org
aggregation arxiv attacks batch +16
Post-Quantum Hybrid Digital Signatures with Hardware-Support for Digital Twins 13 hours ago | arxiv.org
arxiv authentication breach cloud +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Engineer (ISSE)

@ Wyetech | Ft. Belvoir, Virginia
View on infosec-jobs.com

Security Consultant, FedRAMP Assessment | Remote US

@ Coalfire | United States
View on infosec-jobs.com

PAI/OSINT Administration Policy SME

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Field CISO

@ Lacework | United States
View on infosec-jobs.com

Risk Advisory Forensic Technology Services Senior

@ KPMG India | Mumbai, Maharashtra, India
View on infosec-jobs.com
View more jobs