Email, Meta Data and Non Repudiation (“It wasn’t me!”…Shaggy) January 9, 2015
Posted by Chris Mark in Uncategorized. Tags: authentication, email, network solutions, non repudiation, silver star, Stolen Valor
This is a simple primer on email, authentication and ‘non-repudiation’. To understand non-repudiation as it applies to information security, it is important to first understand repudiation. Repudiation is simply the act of denying or renouncing something. A suspect stating that they did not commit a crime is repudiating the crime. Non-repudiation is a concept in which “…a party in a dispute cannot repudiate, or refute the validity of a statement or contract.” Within information security this means that a person cannot dispute that he or she was the origin of an action. We will use email as an example.
Suppose a person (Person A) sends an email to another person (Person B) in 2011 and attaches a document that includes claims of military heroics which resulted in the awarding of some honor, say a Bronze Star. Later, after it is discovered that Person A was not awarded the Bronze Star and people begin to question them, Person A decides to disavow any association with the email or the reference to the Bronze Star. In short, they have repudiated the claim that they sent the email and created the document. Person A goes a step further and claims that the document and the email were “forgeries” intended to sully their (Person A’s) good name. Is it possible to demonstrate with a high degree of confidence (or even certainty) that Person A was indeed the originator of the email and the author of the document? Yes! This is where ‘non-repudiation’, the ability to prevent someone from disputing an action, is important.
To understand how this can be achieved, there are a few concepts related to email that should be discussed.
1) Authentication: Authentication is described on Wikipedia as: “…the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true”. You can read more in an earlier blog post titled Security 101; Authentication. Authentication is an important part of access control and email. Email access control is managed by two components: 1) the user, who is assigned a username, and 2) the password or other authentication mechanism used to ‘authenticate’ to the system. When the user supplies the correct password, which is known only to the user, the system ‘authenticates’ them and allows them to access the email. The more rigorous the authentication, the greater the confidence that the person is the originator of the email. While ‘multi factor’ authentication provides the greatest confidence, a password also provides very strong non-repudiation for most purposes.
R&S Foundation (Charitable Organization for Recon, SARC, Snipers, and others) January 1, 2015
Posted by Chris Mark in Uncategorized. Tags: 503c, charity, Foundation, help, Marine, MARSOC, R&S Foundation, Recon, SARC, sniper, Suicide, Veterans
“Honoring the Silent Professionals”
I am honored to announce the formation of a new charitable organization called the R&S Foundation. The R&S Foundation (named for Recon & Sniper) was formed to help our veteran Brothers and Sisters in need. Many are unaware that 22 veterans commit suicide per day. Many more struggle with physical, emotional and financial challenges. The Recon, Scout/Sniper, SARC, and MARSOC communities are in need of a foundation to help those who are in need of support. The R&S Foundation was born of a simple idea. Several years ago a Reconnaissance Sniper created a loose affiliation of Snipers, Recon Marines, SARCs, and MARSOC Marines which began informally helping each other. From this seed of an early idea some brothers from the community took the proverbial bull by the horns and created the R&S Foundation. Currently, the group is putting together the ‘non profit’ packet and has seated the Board of Directors (I am privileged to have been asked to be on the BOD). If you get a chance, please take a look at the Facebook page and give us a ‘like’. You can reach the Foundation by emailing: info@reconsniperfoundation.org
R&S Foundation is Live! (not for profit to help Recon, Sniper, MARSOC, SARC)! November 24, 2014
Posted by Chris Mark in Uncategorized. Tags: charity, Combat, facebook, Marine, MARSOC, not for profit, pipehitters, R&S Foundation, Recon, SARC, Scout Sniper, Suicide, Veteran, wounded
Please Remember those we lost on 9/11/01 September 11, 2014
Posted by Chris Mark in Uncategorized.
Today marks 13 years since terrorists attacked the United States. Over 3,000 people were killed in the attacks. As you go about your day, please don’t forget those we lost.
Chris Mark speaking at COMTEC 2014 by TouchNet August 27, 2014
Posted by Chris Mark in Uncategorized. Tags: AT&T, Breach, cardholder, Chris Mark, compromise, COMTEC, Data, data security, education, higher, PCI, TouchNet
Chris Mark will be presenting at the 2014 COMTEC TouchNet Client Conference on PCI DSS and data security within the payment card industry. The title of the presentation will be Hitting the PCI Bullseye. COMTEC is the premier conference for Higher Education organizations. I was invited to speak in 2012 but found myself delayed returning to the US as I was in the Gulf of Aden providing maritime security. Below is a description from the TouchNet website.
“Join us for the COMTEC pre-conference PCI Workshop: Hit the Bullseye on November 10th. This power-packed day of PCI and security training is vital for business, security, compliance, audit, and IT professionals who want to stay on target with changes in payment security rules in the coming year. You’ll get real-world advice on compliance and best practices from industry experts and campus leaders who are dedicated to information security.”
