Videos are available on YouTube and for download to your own computer. For the moment, downloads are limited to students and staff from St Andrews University but the intention is to make downloads publicly available in the near future.Introduction to cybersecurity (video, slides)
This is a general introduction to cybersecurity that explains what cybersecurity means and the different aspects of cybersecurity.
This video describes the different types of cyber attack that can occur.
Discusses the difficulty of estimating the costs of cybersecurity incidents and explains why there are some fundamental sociotechnical reasons why cybersecurity is a serious problem.
Explains why technical solutions, on their own, cannot solve all cybersecurity problems and why we need to consider cybersecurity from a sociotechnical perspective.
Discusses steps that individuals and organisations can take to improve cybersecurity and explains how to create relatively secure passwords.
A cybersecurity incident that led to the spillage of sewage in a region of Australia.
A case study of cyberwarfare where a computer worm was used to attack the SCADA control systems of a uranium processing plant in Iran.
Secrets and Lies: Digital security in a networked world (B. Schneier, 2000, John Wiley and Sons)
Although this book is now several years old, it remains an excellent introduction to cybersecurity, by one of the leading commentators in the area. Schneier's blog is an accessible discussion of more recent issues.
The cybersecurity risk (S.L. Garfinkel, Comm. ACM, 55 (6), 2012)
A good general discussion of why cybersecurity is a problem and why it is so difficult to address this problem.
Cybercrime, cyberweapons, cyber wars: is there too much of it in the air? (S. Filshtinskly, Comm. ACM, 56 (6), 2013)
A general discussion of the capabilities of cybercriminals and how attacks said to be cyberwarfare are within criminal capabilities.
A taxonomy of operational cybersecurity risks (J.J. Cebula and L.R Young, Software Engineering Institute, 2010)
A thorough but rather dry discussion of cybersecurity risks.
Advice from the Uk government, produced by the UK's national security agency, on how to maintain cybersecurity.
Measuring the cost of cybercrime (R. Anderson et al. Workshop on Economics of Information Security, 2012)
An excellent paper that suggests that the costs of cybercrime are dominated by the expenditure on protection and that it would be more cost effective to spend less on protection and more on tracking down and prosecuting cybercriminals.
The true cost of unusable password policies (P. Inglesant and A. Sasse, Proc. SIGCHI conf, 2010)
A realistic paper that discusses the costs of badly thought out organisational password policies
Rethinking passwords (W. Cheswick, Comm. ACM, 56 (2), 2013)
A general discussion on the need for new approaches to authentication that do not depend on current password policies.
This article is an accessible description of the Stuxnet worm that attacked nuclear processing facilities in Iran.
A good blog covering the work of one of the world's leading research groups in cybersecurity.