C3L - Meet the team!

 Introduction to the people behind this blog! This blog is where members of C3L post about current projects, spread a bit of information, and write about their personal interests in order to create a wider outreach.  The blog has three main authors contributing: Scott (the director of the company), Alex (researcher and co-developer), and Grace (Research assistant for the company.) The purpose of this post is to officially introduce each of us as individuals in order to give a small insight into who we are and what we're like at C3L as people.  Firstly introducing, Scott:  I'm Scott, I started the company to take advantage of an opportunity to work in standards way back in 1995 and have managed to keep my hand in since. My background is in engineering and I've been doing it since leaving school and university. I'd like to think I'm good at it, taking a holistic systems view to things and looking into why they aren't secure and then trying to find ways to fix thin

Open Source Intelligence Applied to Cybersecurity

  Introduction   The application of Open Source Intelligence (OSINT) to cybersecurity is not something most businesses will use everyday it is an area worth understanding and having knowledge of. Since it  is a vital resource to stay on top of events and threats which may threaten a business. The vast majority of businesses will not collect OSINT themselves but rely on specialist reporting. This post will aim to give an overview of it.  OSINT can be defined as an intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement. In the cybersecurity field, OSINT is used widely to discover vulnerabilities in IT systems and is commonly named Technical Foot-printing. Foot-printing is the first task conducted by hackers – both black and white hat hackers – before attacking computer systems. Gathering technical information about the ta

C3L supporting Poole Hospital Charity event - March for Men 2021

 The employees of C3L are taking part in March for Men 2021 and would appreciate your support.  Poole Hospital are calling on men - sons, fathers, brothers, uncles, grandfathers as well as their loved ones, to come together to walk, jog or run either 1km, 5km or 10km to help raise important funds to support men from across Dorset receiving treatment for prostate cancer at Poole Hospital. March for Men is a virtual event, meaning you can undertake your walk or run at a location of your choice anytime during March. No matter your age, ability or gender you can be a part of this amazing event. Poole Hospital Charity are excited to be joining March for Men for the first time and taking part to raise vital funds for men's health in Dorset. With your support, they can make a difference to men receiving life saving cancer treatment at Poole Hospital. If you would like to donate this event there are links provided: https://www.justgiving.c

Cognitive Psychology and Cybersecurity

 Introduction  This post will aim to give an overview of the application of cognitive psychology to cybersecurity and how it can be used to enhance human factors within the field of cybersecurity.    Cognitive psychology is defined as the branch of psychology devoted to studying mental processes. There are many different types of mental processes and how people use them in their unique ways to draw conclusions and make decisions. Thus, cognitive psychology encompasses a very broad range of subjects. These include but not limited too; r easoning; j udgment; a ttention and decision making. Which are the areas social engineering attacks aim to undermine to manipulate.  An important thing to remember about cognitive psychology is that it isn't just about the thoughts that an individual have but also about how those thoughts impact their behaviour. Cognitions, or thought processes, are what happens to someone between perceiving something with their senses and behaviour in response.   Th

Cybersecurity and Usability

  Introduction   The topic of cybersecurity and usability is a topic I have covered before though with a focus on IoT. This post will aim to take a broader view along with covering additional ideas and concepts. It is subject that cannot be learned once and then filed away since with every new design there is a risk of forgetting the design principles for usability plus often there is a chance when usability is considered from the start it may be weakened by feature creep and changing requirements. Therefore it is always worth reminding yourself and refreshing the principles behind usability in cybersecurity.  Design  Getting the balance between cybersecurity and usability is critical because at the either extreme w e can make systems secure enough to never be attacked but this would also mean no one could ever access or use them  conversely systems that are really easy to use might have little or no security though it is still possible to design a system with no security and be diffic

Another Look at the Cultural Splinternet

 Introduction Previously when I have written about the cultural splinternet it has been a vague idea to explore some concepts and thoughts. So this post will aim to give a bit more substance to the idea of the cultural splinternet. So firstly, the splinternet can be defined as  a characterisation of the Internet as  splintering and dividing   due to various factors, such as technology, commerce, politics, nationalism, religion and interests. Secondly, culture can be defined as  an umbrella term which encompasses the social behaviour and norms found in human societies, as well as the knowledge, beliefs, arts, laws, customs, capabilities, and habits of the individuals in these groups. Therefore, the  cultural splinternet is the internet divided into different elements such as language, ideas, interests and beliefs. This can be on the same types of platforms or distinct platforms serving a particular language or common interest. Depending on the context the cultural splinternet is not nec

DRM, DLP and Cybersecurity

  Introduction The purpose of this post is to examine how Digital Rights Management (DRM)  and Data Loss Presentation (DLP) software, when used together, can potentially improve the cybersecurity of an organisation. With the nature of work has changed due to COVID-19 we need to explore new ideas for companies to keep their people and assets safe.  DRM  tools  are a set of  access control  technologies for restricting the use of  proprietary hardware  and  copyrighted  works.  DRM technologies aim to control the use, modification and distribution of copyrighted works (for example  software  and multimedia content), as well as systems within devices that enforce these policies. DLP software  detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring,  detecting and blocking sensitive data while  in use  (endpoint actions),  in-motion  (network traffic) and  at rest  (data storage). DRM is not often considered a  cybersecurity  issue but more often a

The Realities of Online Learning during a Pandemic

The Realities of Online Learning during a Pandemic As a Second Year Undergraduate, I have had an interesting university experience so far. I missed half of the first semester due to surgery and then my first year was cut short in the beginning of March due to the first lockdown in the United Kingdom, so off I went home to complete the rest of my lectures that had been pre-recorded for the semester.   After Easter, exam season was supposed to be in full swing but exam dates were pushed back three times due to sorting out how they were going to work and what software we were going to use. In the end, the exams were on our VLE (virtual learning environment) platform and were made open book due to Lecturers saying "We cannot monitor you, so to be safe, exams are now open book." Completing my exams at my kitchen table, drinking coffee / eating breakfast and wrapped in a blanket was a surreal experience and in comparison to my Sixth-Form and Secondary School exams that were stress-