Thursday, September 27, 2007

Deirdre Mulligan: Data breach laws have had positive effect

Deirdre Mulligan is quoted in's article, "Data breach laws 'make companies serious about security'."

The legislation has had a positive effect on security, according to Deirdre Mulligan, clinical professor of law at the UC Berkeley School of Law.

She told "I believe that the law has heightened the attention paid to information security. The initial impact of the law was likely to make incidents public but the lasting effect should be to reduce the number and severity of breaches by creating incentives to invest in security."

Mulligan said her research had shown that security breaches drive information exchange among security professionals - for example some chief security officers summarised news reports from breaches at other organisations and circulated them to staff with 'lessons learned' from each incident.

She said: "The goal of the law was to improve security practices, not provide notices. Research and anecdote both suggest that it has improved practices along many dimensions. As practices improve, notices should decrease."

Some organisations have a 'that could have been us' moment and patch systems whose vulnerabilities are similar to those at the organisation that had a breach. The introduction of the legislation has meant an improved focus on security and better information about the costs of failure, which allows for sounder investments, she added.

Pam Samuelson named a Berkman Center Fellow

Pam Samuelson was named a fellow of the Berkman Center for Internet & Society. Professor Samuelson will be presenting the keynote on October 10 at the IP and the Trend towards Openness conference. Details about Berkman fellows may be found in: "UN: Berkman Center Announces 07-08 Fellows."

Wednesday, September 26, 2007

Engineering a new curriculum

CNet's article, "Engineering a new curriculum," discusses an interview with UC Berkeley Dean of Engineering Shankar Sastry. Dean Sastry discusses changes in the engineering curriculum, including mixing soft sciences such as sociology and economics with engineering. This work is also part of the mission of the Team for Research in Ubiquitous Secure Technology (TRUST).

Sunday, September 09, 2007

TRUST Autumn 2007 Conference

The TRUST Autumn 2007 Conference, October 10-11, 2007, will be held in Ithaca, NY, and hosted by TRUST partner institution Cornell University.

  • Conference Information - The latest information on the event can be found on the conference page of the TRUST website at Please check back frequently as this page will be updated as more information is available.
  • Conference Hotel Information - TRUST website account required; see "How can I request a login account on this website?"
  • Registration - In order to plan for your arrival and have an accurate headcount of attendees, please register to let us know you will be attending the conference. You may register online.
  • Schedule - We are still finalizing the conference agenda and schedule of events. The conference will run from ~8:30 AM to 5:30 PM on October 10 and ~8:30 AM to 12:00 PM on October 11. Breakfast and lunch will be provided both days and we are organizing a dinner for the evening of October 10. Please check the conference page of the TRUST website for the latest information and agenda.
  • The conference will feature TRUST researchers who are advancing a leading-edge agenda to improve the state of the art in cybersecurity and critical infrastructure protection. It will provide you with an opportunity to hear firsthand about research, education, outreach, and technology transition activities within the TRUST center. We hope you will join us for this exciting event! If you have any questions or need additional information, please contact Sally Alcala, the TRUST Program Coordinator, at salcala at eecs dot berkeley edu or 510-643-8425.
  • Symantec Graduate Fellowship

    Darren Shou, Senior Manager at Symantec Research Labs, writes:

    [...] we're now accepting applicants for our 2008 Symantec Fellowship. This is a multiple award, one-year fellowship for graduate students pursuing innovative research related to information security and availability. It provides a $20,000 stipend, plus tuition and fees, and is distinguished by an opportunity to work alongside our leading researchers.