Chris Mark @ AT&Ts #ChatDPD talking about Privacy July 8, 2014Posted by Chris Mark in Uncategorized.
Tags: #ChatDPD, AT&T, business, Chris Mark, privacy, security, small
add a comment
Join AT&T tomorrow (July 9th) at 3pm Eastern for an AT&T Small Business Twitter discussion where we will be answering questions related to privacy. You can tweet your questions in real time or follow us in real time at: https://twitter.com/hashtag/chatdpd?f=realtime I look forward to catching up on Twitter!
Tags: adaptive, Breach, Chris Mark, cyber, decision science, proximate reality, security, threats
1 comment so far
July’s issue of TransactionWorld Magazine was just released. Click here to read my latest article, “Understanding Proximate Reality to Improve Security” Here is a preview..
“Various reports are published annually that analyze data breaches, opine on the root causes of the data theft and frequently ascribe blame to one party or another. It always invites scrutiny when a well-known security firm or analyst makes a definitive statement such as “X% of breaches could have been prevented through the implementation of basic controls, such as patching.”
This position is not only inconsistent with accepted risk management practices, but also confuses the basic concepts of correlation and causation while ignoring the very human element of adaptation. Unfortunately, companies that subscribe to these simplistic views of the industry and threats are exposing themselves to very real dangers. As supported by the increasing number of breaches identified each year, information security is no longer a domain for amateurs and requires the application of lessons learned from domains such as intelligence, anti-terrorism, and decision science to make effective decisions.
Two important concepts borrowed from the intelligence and anti-terrorism domains can be used to help CSOs and others make relevant decisions related to their risk posture and other aspects of data security. These concepts are known as Proximate Reality and Adaptive Threats.” Read More!
Tags: AT&T, Chris Mark, compliance, compromise, data breach, DSS, hack, PCI, risk, security
I was privileged to be able to speak at an AT&T BPO event in 2013. In Feb 2014 AT&T Marketing published the videos. I found one but was unaware they had published all 3. I hope you enjoy. (remember…the camera adds 10 lbs! ;)
Understanding Deterrence & Crime Prevention June 25, 2014Posted by Chris Mark in Uncategorized.
Tags: actor, Chris Mark, crime, criminal justice, deterrence, game theory, punishment, rational
1 comment so far
This following an excerpt from the 2012 research brief titled “Failed State of Security; A Rational Analysis of Deterrence Theory and Cybercrime.” I was recently provided a blog post by an ‘expert’ in which the author was again blaming the victim of a data breach while chiding companies for believing that they should not expect law enforcement to be there when you need them. The author misses a major purpose of the criminal justice system; Deterrence of criminal behavior. I late 2013 a US Senator stood in front of a Target store and blamed Target for their data breach. Interestingly, this senator did not state that the US should redouble efforts to deter cybercrime through more effective laws or more aggressive law enforcement actions. Until the laws and criminal justice system can begin to deter such behavior, cybercrime will continue to plague data industries. So what is deterrence?
Deterrence theory has applications in a variety of fields including military, and maritime security settings, foreign affairs, and in criminology, to name a few. While seemingly unrelated, when looked at closely, the similarities are apparent. Each these fields involve human decisions and humans that have the ability to behave and act in a manner contrary to the wishes of the other party. It is the ‘human element’ that is being modified by deterrent strategies.
The concept of deterrence is relatively easy to understand and likely extends to the earliest human activities in which one early human dissuaded another from stealing food by employing the threat of violence against the interloper. Written examples of deterrence can be attributed as far back as the Peloponnesian War, when Thucydides wrote that there were many conflicts in which one army maneuvered in a manner that convinced the opponent that beginning or escalating a war would not be worth the risk. In the 4th Century BC, Sun Tzu wrote: “When opponents are unwilling to fight with you, it is because they think it is contrary to their interests, or because you have misled them in to thinking so.” While most people seem to instinctively understand the concept at the individual level, contemporary deterrence theory was brought to the forefront of political and military affairs during the Second World War with the deployment of nuclear weapons against Nagasaki and Hiroshima. (more…)