Digital identity schemes rely on access to devices, stable documentation, and digital literacy, resources that many vulnerable or low‑income people do not consistently have.
Digital ID systems create the infrastructure for mass data collection and behavioural tracking.
Age‑authentication laws that try to “segregate minors and suppress content” are a paradox: They seek to protect children, but harm them, and damage the broader internet and society.
CIS Top 18 Version 8 works sequentially too, so you implement control 1 and it sets you up in a good place to then implement control 2, and so on.
---
Cyber Essentials:
---
The UK's Cyber Essentials scheme is a certification standard (but you can ignore that and just use it as a checklist if you'd like).
It's designed for small to medium size organizations, and focused on getting the foundations right.
This would be a useful place to start but it won't cover some of the specific threats and risks associated with software/app development. See @snowstormsun's comment about OWASP Top 10 for that.
This was written by a venture capitalist who makes a tonne of assumptions about the future:
"The internet is still early in its evolution: the core internet services will likely be almost entirely rearchitected in the coming decades. This will be enabled by crypto-economic networks"
There are definitely a lot of problems with the current climate of tech monopolies, but the issue they describe is not related to them being centrally managed (see why decentralisation section).
I'm glad the author admits that web3 doesn't currently work due to fundamental issues with performance and scalability.
Fix that, and then lets see what you have to offer. Right now, people are being duped out of their money on a daily basis. Any gains made through specalative crypto investments are someone elses loss.
"We've the same issue here that helped to spawn the DevOps movement: Just as development and operations teams previously didn't work well together, InfoSec teams often continue to lack empathy and don’t collaborate well with other teams. We are sometimes the "no" team and in relation to identified vulnerabilities, we often recommend "patching" as our one size fits all treatment plan. Lots of the talk and work in and around DevSecOps has been about tooling and integration, but it lacks the collaborative and empathetic successes of the DevOps movement."
InfoSec Risk Management isn't rocket science but unless embedded throughout an organisations governance structure and then used to inform strategic decision making, it's basically shelfware.
This blog post is here to help folks avoid common pitfalls.
Digital ID systems create the infrastructure for mass data collection and behavioural tracking.
Age‑authentication laws that try to “segregate minors and suppress content” are a paradox: They seek to protect children, but harm them, and damage the broader internet and society.