
Dr. Heather Mark in ACAMS Today (Dec, 2014 – Feb, 2015 edition) January 9, 2015

Posted by Chris Mark in Uncategorized.

The incomparable Dr. Heather Mark, PhD, CAMS, CCEP, CISSP has a new article out in ACAMS Today. This is “The Magazine for Career-Minded Professionals in the Anti-Money Laundering Field”. The title of her article is “TPPPs, the fine line between risk and effectiveness.” You can read the article here! The article discusses third party payment processors (TPPPs) and the balance between regulatory risk and benefits.

Update on Blogging and New Articles in TransactionWorld March 8, 2013

Posted by Chris Mark in cyberespionage, cybersecurity, Industry News.

I want to apologize for not blogging as frequently. My new job has me hopping at the moment and I am writing extensively for AT&T’s Networking Exchange Blog. You can check out my blog posts at AT&T’s Networking Exchange Blog. In addition to my own articles, there are a number of other valuable posts from other contributors. Finally, Heather Mark and I both have articles in the March edition of TransactionWorld Magazine. You can read Heather’s article here and Chris’ article here.

Chris Mark & Heather Mark in Feb 2013 TransactionWorld February 1, 2013

Posted by Chris Mark in Uncategorized.

February’s edition of TransactionWorld was released today and both Chris and Heather have articles in the issue. Chris (that is me) wrote “Security in Dangerous Waters; Pirates & CyberCrime” while Heather wrote “Shifting Targets; Dealing with Regulatory Shifts in Data Security & Privacy”. Please be sure to check out the articles.

Chris Mark in Jan 2013 TransactionWorld: “Only Certainties are Death, Taxes, and PCI DSS.” January 2, 2013

Posted by Chris Mark in Uncategorized.

Chris Mark (this guy with two thumbs) is in the January 2013 edition of TransactionWorld Magazine. You can read my article titled: “In 2013 the only certainties are Death, Taxes, and the PCI DSS” in which I opine about the need for PCI DSS and other security standards as we enter 2013. The bio on the article is not accurate and still references an old position I had at ProPay. That being said, ProPay is a great company for which I was fortunate and proud to have worked, a company at which my illustrious wife, Dr. Heather Mark, still works, and a company that deserves a big Congrats for being acquired by TSYS! All in all… no harm, no foul.

Beating an Old Drum October 27, 2012

Posted by Heather Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.

It’s the end of what has already been a tough year for data security. And the news just got worse. South Carolina has announced that its Department of Revenue suffered a major breach. The breach is so massive, in fact, that more than 75% of the state’s residents have been affected. The compromised data consisted of the (unencrypted) social security numbers of more than 3.6 million residents. Also included in the breach were about 390,000 payment cards. Most of those were encrypted, though.

This is disturbing on a number of levels. I find it curious, for example, that while encryption was deployed, it was only deployed on payment cards (and not even on all of those). Consumers have built-in protections on payment cards. As long as those cards are branded by one of the major card brands, consumers are protected against liability for fraudulent transactions. The far more sensitive data, the social security numbers, were not encrypted, though. This defies logic. Consumers have little to no protection against misuse of SSNs. Not only can very real financial damage be done, consumers have to spend enormous resources (time, money, emotions) in untangling the identity theft knot that comes with stolen SSNs.

Secondly, in the wake of the breach, Governor Nikki Haley issued an executive order that read: “I hereby direct all cabinet agencies to immediately designate an information technology officer to cooperate with the State Inspector General who is authorized to make recommendations to improve information security policies and procedures in state agencies.” WHAT? If I’m inferring correctly, it seems that these agencies didn’t have an information technology officer already?? That is very troubling, particularly considering the types of data that state agencies hold. After 3.6 million (out of about 4.7 million) residents have had their sensitive data stolen is not a great time to decide that data security and privacy should become a priority.

Private sector organizations have been working for years to shore up their data security, and in some cases (PCI DSS, HIPAA/HITECH, GLBA, SOX, state laws) face real consequences for failure to protect that data.  It’s long past time states put forth the same level of protection.  On the plus side, the state did comply nicely with its own data breach notification law.
