jump to navigation

Republican, Democrat, or Independent? January 24, 2016

Posted by Chris Mark in Industry News, Uncategorized.
Tags: , , , ,
6 comments

HeadshotChris2013_COMPI wrote an open letter to Sarah Palin two days ago and it has since generated almost 400,000 views.  While most of the comments have been polite and even somewhat spirited at times there are a few folks who have taken to name calling and insults.  For likely the first time in my life I was called a Democratic Socialist for not supporting Sarah Palin!  Here is my view.  I am an American.  I vote on issues but consider myself a Republican.  I am socially more liberal than most in the party but fiscally conservative and am an ardent supporter of the 2nd Amendment of the US Constitution.

I believe our system has become so divisive that debate and discourse have given away to name calling and insults.  My letter to Mrs. Palin was intended to shed light on a serious condition.  I would have written the same letter to a Democrat. In fact, you can see my latest post is one in which I comment on Michelle Obama.  I believe that our leaders should be held accountable.  I have written articles for the National Review and been interviewed on NewsMax.  I suspect most would classify me as a Republican

Dupont’s Titanium Oxide Color Recipe- Stolen for Chinese Advantage July 22, 2015

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.
Tags: , , , , , , , ,
add a comment

Oddly (to me anyhow) this is the 2nd most  popular post on my blog!  It was written over 3 years ago but since it gets so much traffic I thought I should re-post.  Here it is in 2015!

Many mistakenly believe that only “high tech” secrets and intellectual property are targets for intellectual property theft.  In a clear example of how any propriety secret can be considered a target, a scientist (Tse Chao) who worked for Dupont from 1966-2002 (36 years!) pleaded guilty in Federal court on Thursday to committing espionage for a company controlled by the Chinese government.  Mr. Chao testified that he provided confidential information to Chines controlled Pangang Group. What did he steal? Among other things, the recipe for Dupont’s Titanium Dioxide.  What is TD used in?  Titanium Dioxide is the ingredient in many white products that makes the products white.  Products such as paint, toothpaste, and Oreo cookie filling!  Stealing the ingredients to Oreos shows just how low cyberthieves will go!   According to court documents: “DuPont’s chlorine-based process was eagerly sought by China, which used a less efficient and more environmentally harmful production method”

I have worked with a number of large companies who, when asked why they did not protect trade secrets, replied that they did not believe their industry or type of product was of interest.  Make no mistake.  If your company has a unique process, technology, or product, it IS of interest to many companies.  Unfortunately, the US Government has released reports that state that China is sponsoring much of the US and European cyber espionage.

photo from: http://www.titaniumexposed.com

Chris Mark in September 2013 – SC Magazine (Interview and Article) August 21, 2013

Posted by Chris Mark in cybersecurity, Industry News, PCI DSS.
Tags: , , , , , , ,
add a comment

sclogo_4In the August, 2013 edition of Secure Computing Magazine (SC Magazine), I have an interview and article included.  The interview is for the cover story called “Beyond the Checkbox; PCI DSS” and the article is called “Understanding Parallax and Convergence to Improve Security”.   Below is an excerpt from the article..be sure to check them out!

“To address today’s threats, companies require a high degree of convergent perspective, information expertise, and coordination between personnel and groups. Previously, companies could “make do” with basic security controls such as firewalls, Intrusion Detection System (IDS), and anti-virus. Attempting to understand the threats facing an organization and analyzing risk was often an afterthought, as companies relied upon simple compliance matrices and lists of “best practices” to secure their environment. This is no longer sufficient to address the threats of 2013.  A major mistake in information security implementation is what can be referred to as “security parallax.””

Update on Blogging and New Articles in TransactionWorld March 8, 2013

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News.
Tags: , , , , , , , ,
add a comment

March coverI want to apologize for not blogging as frequently.  My new job has me hopping at the moment and I am writing extensively for AT&T’s Networking Exchange Blog.  You can check out my blog posts at AT&T’s Networking Exchange Blog .  In addition to my own articles, there are a number of other valable posts from other contributors.  Finally, Heather Mark and I both have articles in the March edition of TransactionWorld Magazine.  You can read Heather’s article here and Chris’ article here.

Beating an Old Drum October 27, 2012

Posted by Heather Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.
Tags: , , , , , , ,
add a comment

It’s the end of what has already been a tough year for data security.  And the news just got worse.  South Carolina has announced that its Department of Revenue suffered a major breach.  The breach is so massive, in fact that more than 75% of the state’s residents have been affected.  The compromised data consisted of the (unencrypted) social security numbers of more than 3.6 million residents.  Also included in the breach were about 390,000 payment cards.  Most of those were encrypted, though.

This is disturbing on a number of levels.  I find it curious, for example, that while encryption was deployed, it was only deployed on payment cards (and not even on all of those).  Consumers have built in protections on payment cards.  As long as those cards are branded by one of the major card brands, consumers are protected against liability for fraudulent transactions.  The far more sensitive data, the social security numbers, were not encrypted, though.  This defies logic.  Consumers have little to no protection against misuse of SSNs.  Not only can very real financial damage be done, consumers have to spend enormous resources (time, money, emotions) in untangling the identity theft knot that comes with stolen SSNs.

Secondly, in the wake of the breach, Governor Nikki Haley issued an executive order that read: “I hereby direct all cabinet agencies to immediately designate an information technology officer to cooperate with the State Inspector General who is authorized to make recommendations to improve information security policies and procedures in state agencies.”  WHAT?  If I’m inferring correctly, it seems that these agencies didn’t have an information technology officer already?? That is very troubling, particularly considering the types of data that state agencies hold.  After 3.6 million (out of about 4.7 million) residents have had their sensitive data stolen is not a great time to decide that data security and privacy should become priority.

Private sector organizations have been working for years to shore up their data security, and in some cases (PCI DSS, HIPAA/HITECH, GLBA, SOX, state laws) face real consequences for failure to protect that data.  It’s long past time states put forth the same level of protection.  On the plus side, the state did comply nicely with its own data breach notification law.

Follow

Get every new post delivered to your Inbox.

Join 496 other followers

%d bloggers like this: