WELCOME to the Science Of Cybersecurity—where we establish the first founding principles of a new science of Information Security.
Some experts are adamant that Cybersecurity can never be established as a science. This is claimed to be so because—any and all social accessibility protections which are put in place will always have human opponents. That is, in this field alone, human antagonists exist—who work constantly to try and break any security measures present. Accordingly, Cybersecurity is not a science—but is more akin to a game, war or political struggle.
Whilst we do acknowledge the existence of vital social elements within the boundaries of the highly technical field of Cybersecurity; it is our belief that application of the scientific method—consisting of a combination of empirical observation and logical reasoning—must always play a significant and foundational role in any Cybersecurity scenario whatsoever. QED.
Our goal is to bring formalism to a field that doesn’t even have one—that is to bring unity, consistency and order—to the field of Information Security. Strangely absent is any kind of top-level theory, and missing are fundamental definitions and/or first-principles etc. Ergo, the system-designer’s job becomes one of—collecting partial formalism(s)—before somehow stitching them together. The net result is—partial truth(s) and/or sub-optimal approaches—or at least major difficulties.
Conversely, we seek to establish a foundational framework for the entire field of: Information Security; and by means of logical, integrated and holistic perspective(s)—combined with use of the scientific method.
The field of Cybersecurity is currently experiencing a major of Crisis Of Confidence—and in terms of the questionable truth/validity/usefulness of its most fundamental premises, arguments, conclusions and recommended security methods. Whereby data breaches, hacks, system-exploits and computer intrusions are now common-place.
According to Business Insider—in the year 2018—Private Personal and Confidential Business Records were hacked 1.4 Billion times!
In search of answers—we adopt a scientific approach to Cybersecurity—with the stated aim of eliminating all of the confusion, uncertainty and risk which plagues the subject area. Importantly, you will not find elsewhere any part of our new theory of Cybersecurity Science—because these materials are unique and they are not available on any website, book, blog, course and/or certification.
Everything here evolved from Alan Radley’s much-heralded book: ‘The Science of Cybersecurity – A Treatise On Communications Security (2015)’—which established the founding principles for a new science of Information Security. Whereby we have coined over 60 new terms in a comprehensive Cybersecurity Lexicon, identified 62 Cybersecurity Axioms, plus mapped 500 fundamental classes of Cybersecurity entities, states and processes etc.
And all of this information has been approved by over 100 leading Cybersecurity experts—so you know that it is pertinent, useful and correct.
A Quest For Insightful Answers
How do data breaches, hacks, system exploits and computer intrusions happen—and why? What occurs when Cybersecurity really works effectively, and can we systemise it? Or will the clever hacker always break into any networked device, sweeping all defences aside?
On a quest for insightful answers in his ground-breaking book and associated website, Dr Alan Radley proceeds to completely deconstruct, rationally analyse, meticulously rebuild and then sanely reassess the entire field of Cybersecurity.
A rigorous scientific methodology is applied to networked system design, leading to a comprehensive new model—and accurate taxonomic tree—of all possible types and classes of cyber-attacks and associated countermeasures. The upshot is a wholly original, astute and fearlessly honest—yet practically oriented—treatise on Cybersecurity.
Outlined here for the first time is a logical explanation of the fundamental theory and principal axioms of Cybersecurity as developed from first principles, and in a format ideally suited to both—the engineering-minded professional—and the less technically-oriented.
Our new theory of Cybersecurity is grounded on a set of core principles, including for example the Cybersecurity System Access Gateways (CSAG) diagram.
The CSAG diagram teaches that in order for a Datum or Datum-Copy—existing on a networked computer system—to have its inner meaning ‘extracted’ by either a legitimate user or else an illegitimate intruder—then that same party must first possess a means of opening up a PHYSICAL GATEWAY in order to see/touch the physical FORM of the Datum held on a Media of Storage, Transfer or Access (i.e. obtain a physical copy).
Next on said media the party traverses one or more VIRTUAL GATEWAYS to obtain the Datum’s raw format (i.e open a virtual copy). Finally the party in question—must decode the Datum’s inner meaning or CONTENT by traversing one or more of 3 kinds of MEANING GATEWAYS: named as the Metrical, Selectional and Descriptive layers—which may be nested together, one on top of another, in a russian-doll fashion.
Cybersecurity is then defined simply, and completely, as the continuous processes of PROTECTING (i.e. Locking, Blocking and/or Concealing) all necessary gateway types—that is defending the Datum’s inner meaning from unwarranted disclosure—whilst at the same time ENABLING legitimate users to access said Datum’s inner meaning by means of readily accessible system gateways. QED.
SCF 1.0 – InfoGraphic A
Cybersecurity System Access Gateways
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
SCF 1.0 – InfoGraphic G
Cybersecurity System Access Gateways
Source: ‘The Science Of Cybersecurity’ (2017) – by Alan Radley
Your Trusted Source…
Our work has a dual focus. Whereby on one hand at ScienceOfCybersecurity.com we seek to establish Cybersecurity as a Science—the same being a long-term goal that can only be achieved with the help of the Cybersecurity community. Luckily, a large number of security experts have contributed to our developing Science Of Cybersecurity Framework (SCF 1.0)—and said theory reflect(s) the knowledge of all these academic researchers, engineers and practitioners.
Secondly through the commercial medium of DataDirect we apply scientific method to real-world problems—and with the goal of producing truly effective security solutions. KeyMail (ShareMeDirect) and SyncMeDirect are two example security technologies that we have developed; and progress is under way on others including: FindMeDirect, ControlMeDirect and AdvertiseMeDirect.
Both aspects of our work—research and commercial—are evolving at a fast pace; and to keep up-to-date with developments at ScienceOfCybersecurity.com and DataDirect; sign up to our Cybersecurity Newsletter (email us requesting addition).
Also checkout the different categories under the Community Materials section—where we supply a large number of Cybersecurity resources; including links to: Alerts, Articles, Associations, Blogs, Books, Certifications, Websites and Papers etc.
We are on the lookout for partners/contributors; plus seek details of the very best Cybersecurity resources—so drop us a line!
Dr Alan Radley , Blackpool, UK.
KeyMail – Risk-free Data Transfer
KeyMail is used to send confidential items directly to colleagues across the Internet—with Absolute Security—and no third-party copies. KeyMail affords the strongest possible encryption protection for your private communications (RSA 4096 / AES 256)— and it meets/exceeds US Government standard for Top-Secret Data.
In a nutshell, having no vulnerable ‘third-party’ or ‘Cloud’ copies—of client-data, logins and encryption keys—to attack / steal—means no hacking chances for any and all Threat Actors.
KeyMail running on an Apple Computer
60 Cybersecurity Predictions for 2019 (Forbes)
A few extracts from the Forbes report: “60 Cybersecurity Predictions for 2019” are both salient and sobering.
IT security in 2019 is no longer going to simply be about protecting sensitive data and keeping hackers out of our systems. In this day and age of big data and artificial intelligence—where cooperation on data can lead to enormous business opportunities and scientific and medical breakthroughs—security is also going have to focus on enabling organizations to leverage, collaborate on and monetize their data without being exposed to privacy breaches, giving up their intellectual property or having their data misused.
Cybersecurity alone is not going to be enough to secure our most sensitive data or our privacy. Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age.
—Rina Shainski, Co-founder and Chairwoman, Duality.
Managing privacy will be the new normal, like securing data or paying taxes. Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.
—Chris Babe, CEO, TrustArc.
GDPR was a great first step, but global regulation and governance still remain a complex web. The United States will continue to fall further and further behind in competency and international relations as our federal compliance efforts simply aren’t moving fast enough to meet worldwide requirements. Countries where privacy is prioritized and seamlessly integrated will see optimal growth.
—Tomas Honzak, Chief Information Security Officer, GoodData.
IoT, in its current state, is not secure. There are secure devices out there, but they are the exception rather than the rule. IoT will continue to be vulnerable in 2019.
—Erez Yalon, Head of Security Research, Checkmarx.
Gulf Information Security Expo & Conference
We are attending the exciting GISEC in Dubai from 1-3 April 2019.
GISEC is not just one of the most impactful cybersecurity shows in the region, but it is also the largest, overshadowing other events in terms of aspiration, diversity and scope. In its 7th edition, GISEC welcomed over 7,000 cyber-specific visitors, and is co-located with IoTX and Future Blockchain Summit, which collectively deliver over 12,000 visitors.
The agenda is directed by a powerful Advisory Board of senior end-users from Dubai Electronic Security Centre, Dubai Police and Smart Dubai. Tackling global cyber-security issues, it attracts a captive audience of decision makers from over 200 government departments and leading enterprises in the Middle East. The attendee profile is the most powerful in the Middle East, and in terms of buyers, one of the most attractive in the world.
CIOs, CISOs and CTOs along with their teams and departments travel from 86 counties to learn the next disruptive security events to affect their departments. Whether it’s to learn from global leaders at the world’s top companies, or to understand the next moves of the senior leaders in Middle East based companies, over 7,000 security professionals join a total audience of over 12,000 tech leaders in the Middle East’s biggest conversation on what’s going to impact them around the corner.
Alan Radley and Chris Green from ScienceOfCybersecurity.com will be attending GISEC; and if you are also attending we would be happy to meet up with you for a coffee. Drop us a line: email@example.com