Recently in Academia Category

After having completed my PhD-research, I have been mostly out-of-touch with what is happening on the academic side of life. Consulting and "doing things" have been very enjoyable and I do not regret for a second that I stopped being a researcher.

However, since I am teaching at a college again, I have also been starting to feel the itch of doing research, (co)authoring and --hopefully-- publishing papers.

Once disconnected from academia, it is very hard to get back into, and I expect to spending several months reading up and figuring out where the scientific tide has taken the community.

Yet, before I set sail and try to make an serious effort at getting back into doing research, I need to decide what topics are currently worth while investigating, and which appeal to me.

So, having said this, please let me know! Comment to this post, contact me, or send me an email message. I look forward to hearing from you!

Most businesses that are serious about identity management and logical access control have adopted Role-Based Access Control (RBAC) as a model to govern who has access to what.

In its most simple form, RBAC is extremely simple: an individual should be assigned permissions not based on who he is, but based on which role he plays. The role-based access control model has been extensively researched (including by me) and the mechanics of the approach are fairly well understood.

However, paying attention to how a technology is used is just as important as having that same technology available in the first place. In other words, the psychological factors surrounding the adoption and use of an access control model deserves as much attention as the model itself. I wish I had realized this when I was doing my PhD research.

For most universities and colleges, today is the first day of the new academic year.

The joys of overfull parking lots, stuffed cafeterias around lunch time, and battling through waves and waves of students on your way to your next meeting is offset greatly by the presence of "learning".

It sounds a little romantic, and possibly even naive and/or imaginary, but working in higher education has always given me the feeling that being around so many people who are learning has something reinvigorating.

Anton Chuvakin is not necessarily known for his subtle comments. One of his longer-standing objections is that academic research should address real problems and address things that really matter. Like Anton, I also have a background in academia (PhD in information systems), and I cannot help but agree with him.

After having lived and worked "in the real world" for a number of years, I cannot but come to the conclusion that most information security research is not science. Instead, it should be viewed as engineering.

When you read the reports of information security breaches at The Breach Blog (see http://www.breachblog.com) and SC Magazine (see http://breach.scmagazineblogs.com), one of the most remarkable patterns is the frequency of breaches occurring in colleges and universities.

Source: Scott Wright's Security Views

While it is true that many of the published breaches took place at colleges and universities, it is important to realize that institutes for higher education are typically more open and willing to share information with the outside world than many corporations of a similar size would be. Do not forget that even a small college may have upwards of 10,000 users (students, faculty, administration and staff). Those numbers go up significantly when the larger universities are also included.