Chris Mark Speaking at 2014 AT&T CyberSecurity Conference August 25, 2014Posted by Chris Mark in Uncategorized.
Tags: adaptive, AT&T, Chris Mark, cyber, deterrence, hack, PCI, risk, security, threat
add a comment
At 10 am on September 3rd, 2014 Chris (that is me) will be speaking at the 16th annual AT&T CyberSecurity Conference in New York City. My particular discussion will be on the Human Element of Security. From providing armed force protection in Mogadishu to unarmed security in a psychiatric ward through information security and anti-piracy work in the Gulf of Aden, I have learned that the underpinnings of security transcend all security domains. My presentation will hit on the concepts of rationality, Knightian uncertainty, parallax, proximate reality, change blindness, deterrence, and threat adaptation to provide tools CSOs can use to make more informed decisions about security.
Chris Mark @ AT&Ts #ChatDPD talking about Privacy July 8, 2014Posted by Chris Mark in Uncategorized.
Tags: #ChatDPD, AT&T, business, Chris Mark, privacy, security, small
add a comment
Join AT&T tomorrow (July 9th) at 3pm Eastern for an AT&T Small Business Twitter discussion where we will be answering questions related to privacy. You can tweet your questions in real time or follow us in real time at: https://twitter.com/hashtag/chatdpd?f=realtime I look forward to catching up on Twitter!
Tags: adaptive, Breach, Chris Mark, cyber, decision science, proximate reality, security, threats
1 comment so far
July’s issue of TransactionWorld Magazine was just released. Click here to read my latest article, “Understanding Proximate Reality to Improve Security” Here is a preview..
“Various reports are published annually that analyze data breaches, opine on the root causes of the data theft and frequently ascribe blame to one party or another. It always invites scrutiny when a well-known security firm or analyst makes a definitive statement such as “X% of breaches could have been prevented through the implementation of basic controls, such as patching.”
This position is not only inconsistent with accepted risk management practices, but also confuses the basic concepts of correlation and causation while ignoring the very human element of adaptation. Unfortunately, companies that subscribe to these simplistic views of the industry and threats are exposing themselves to very real dangers. As supported by the increasing number of breaches identified each year, information security is no longer a domain for amateurs and requires the application of lessons learned from domains such as intelligence, anti-terrorism, and decision science to make effective decisions.
Two important concepts borrowed from the intelligence and anti-terrorism domains can be used to help CSOs and others make relevant decisions related to their risk posture and other aspects of data security. These concepts are known as Proximate Reality and Adaptive Threats.” Read More!
Tags: AT&T, Chris Mark, compliance, compromise, data breach, DSS, hack, PCI, risk, security
I was privileged to be able to speak at an AT&T BPO event in 2013. In Feb 2014 AT&T Marketing published the videos. I found one but was unaware they had published all 3. I hope you enjoy. (remember…the camera adds 10 lbs! ;)
New Security Reference Blog…The Security HOG June 13, 2014Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, compliance, risk, Scout Sniper, secuerityhog, security
add a comment
Security HOG is a complement to the GlobalRiskInfo site but is solely focused upon providing insight and education on the concepts of security, risk and compliance. Having worked in numerous security domains for over 20 years has provided me with valuable insight into the concepts and underpinnings of the science and art of security. Whether we are talking about physical security, operational security, information security or cybersecurity, the basic concepts remain the same. This blog will focus on the more esoteric, yet important, concepts of proximate reality, deterrence & compellence, parallax and convergence, threats & vulnerabilities, risk, and more.
Some might wonder what, if any significance, HOG has to the discussion of security? Within the USMC a person who is not a Scout/Sniper is known as a Professionally Instructed Gunman or PIG while a trained Scout/Sniper is known as a Hunter of Gunman or HOG. As a former Marine Corps Sniper I am a HOG and this is the reason the site is called Security HOG. Not too creative, I am afraid but it seemed to have a ring to it…