Tags: adaptive, Breach, Chris Mark, cyber, decision science, proximate reality, security, threats
1 comment so far
July’s issue of TransactionWorld Magazine was just released. Click here to read my latest article, “Understanding Proximate Reality to Improve Security” Here is a preview..
“Various reports are published annually that analyze data breaches, opine on the root causes of the data theft and frequently ascribe blame to one party or another. It always invites scrutiny when a well-known security firm or analyst makes a definitive statement such as “X% of breaches could have been prevented through the implementation of basic controls, such as patching.”
This position is not only inconsistent with accepted risk management practices, but also confuses the basic concepts of correlation and causation while ignoring the very human element of adaptation. Unfortunately, companies that subscribe to these simplistic views of the industry and threats are exposing themselves to very real dangers. As supported by the increasing number of breaches identified each year, information security is no longer a domain for amateurs and requires the application of lessons learned from domains such as intelligence, anti-terrorism, and decision science to make effective decisions.
Two important concepts borrowed from the intelligence and anti-terrorism domains can be used to help CSOs and others make relevant decisions related to their risk posture and other aspects of data security. These concepts are known as Proximate Reality and Adaptive Threats.” Read More!
Tags: Chris Mark, security, InfoSec & Privacy, data security, PCI DSS, cybersecurity, cybercrime, data breach, deterrence, active, response, active response, fight
1 comment so far
“Everyone has a plan until the’ve been hit” – Joe Lewis
Having spent numerous years providing armed and unarmed physical security in combat zones, hospital emergency rooms, psychiatric wards, and anti-piracy operations off the coast of Somalia has given me a deep respect for force continuum and the dangers of unnecessarily provoking an escalation by a volatile and dangerous adversary.
As cyberattacks continue to plague American companies as well as the payment card industry, there is a growing voice within the cybersecurity industry to allow and empower companies to take offensive action against cyber attackers. This is frequently referred to as ‘hacking back’ or ‘offensive hacking’. Several prominent security experts as well as some companies who have fallen victim to cyber-attacks have begun advocating that ‘a good offense is the best defense’. On May 28th, 2013 there was an online discussion in which an author of the upcoming book: The Active Response Continuum: Ethical and Legal Issues of Aggressive Computer Network Defense posted the following excerpt:
“There are many challenges facing those who are victimized by computer crimes, who are frustrated with what they perceive to be a lack of effective law enforcement action to protect them, and who want to unilaterally take some aggressive action to directly counter the threats to their information and information systems.” (emphasis added) (more…)
Tags: AT&T, Chris Mark, cybercrime, cybersecurity, data security, SC Magazine, Secure Computing, security
add a comment
In the August, 2013 edition of Secure Computing Magazine (SC Magazine), I have an interview and article included. The interview is for the cover story called “Beyond the Checkbox; PCI DSS” and the article is called “Understanding Parallax and Convergence to Improve Security”. Below is an excerpt from the article..be sure to check them out!
“To address today’s threats, companies require a high degree of convergent perspective, information expertise, and coordination between personnel and groups. Previously, companies could “make do” with basic security controls such as firewalls, Intrusion Detection System (IDS), and anti-virus. Attempting to understand the threats facing an organization and analyzing risk was often an afterthought, as companies relied upon simple compliance matrices and lists of “best practices” to secure their environment. This is no longer sufficient to address the threats of 2013. A major mistake in information security implementation is what can be referred to as “security parallax.””
Update on Blogging and New Articles in TransactionWorld March 8, 2013Posted by Chris Mark in cyberespionage, cybersecurity, Industry News.
Tags: AT&T, Chris Mark, cyber security, data breach, Heather Mark, Network Exchange Blog, PCI, PCI DSS, requirements
add a comment
I want to apologize for not blogging as frequently. My new job has me hopping at the moment and I am writing extensively for AT&T’s Networking Exchange Blog. You can check out my blog posts at AT&T’s Networking Exchange Blog . In addition to my own articles, there are a number of other valable posts from other contributors. Finally, Heather Mark and I both have articles in the March edition of TransactionWorld Magazine. You can read Heather’s article here and Chris’ article here.
Chris Mark’s Article in “The Counter Terrorist Magazine” January 28, 2013Posted by Chris Mark in cyberespionage, cybersecurity.
Tags: china, Chris Mark, cyber espionage, cybersecurity, Duqu, Flame, security, The Counter Terrorist, Unlimted warfare
add a comment
I received my copy of February/March 2013 International edition of The Counter Terrorist Magazine and imagine my surprise when I am the cover article! I have written for a number of publications but I have to say my favorite is The Counter Terrorist. It is a great periodical for anyone interested in World affairs, Terrorism, and Counter Terrorism. My article is titled “World Cyber War”. In the article I talk about the differences in the perspectives of war between the East and the West, as well as provide examples of how cyber operations have already been used to further national interests. China is highlighted for their interpretations of war and warfare in “Unlimited War”, as well as Russia, and a few others. Overall, I think it is one of my better articles. To read The Counter Terrorist, you must subscribe either online or in print. Check out…The Counter Terrorist Magazine.