Tuesday, 29 November 2011

Clarification required - two types of Open Innovation

There seems to be two types of open innovation being discussed and it is not always clear what is being referred to. One is the sort described and promoted by Henry Chesborough in his book ‘Open Innovation’. This refers to the concept that corporate technology research should be far more open to external sources and destinations for innovations. The second type, not covered here, is the use of customer feedback, crowd sourcing, social media etc. to provide open inputs into the commercial innovation process. This latter form is much closer to marketing, new product development and consumer issues, whereas the first type has the potential to radically improve the flow of knowledge and research between industry and universities. This is what particularly interests me.

Sunday, 20 November 2011

The 5 Aims of Information Security Research

The aim of information security research, it seems to me, is to understand, and thereby directly or indirectly improve security. There are five main objectives of security research:

1) To improve security in an organisational context;
2) To improve security at a particular point, or component, of technology;
3) To quantify, assess or manage security;
4) To integrate security into an otherwise insecure system, process or architecture;
and finally...
5)       To break security.

Monday, 14 November 2011

Information Security Research Resources

This link provides a great list of academic, industry and government sector resources on information security research.

Monday, 7 November 2011

Replacing passwords - easier tech than done

Replacing passwords has become a bit of a holy grail for cyber security startups. About 5 years ago I first came across a company proposing typing characteristics as a biometric login, and there seem to be a number of companies attempting something like that still. At VentureFest Bristol I came across PixelPIN who use images to replace passwords, and earlier this year I became aware of GridSure who use a pattern embedded in a varying grid of characters, as a one time password. I am not sure why technologies like these latter two have not taken off. They would seem to be potentially more secure than passwords and have lower maintenance costs - the costs of helping users who forget their passwords.