“Failed State of Security”- Published by IDGA March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: Chris Mark, cybersecurity, deterrence theory, IDGA, InfoSec, mark consulting group, research brief, whitepaper
add a comment
The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!
Abstract “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security. Information security, as a field, is focused on the protection of information assets. Criminology is focused on the prevention of criminal behavior. As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes. This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.”
“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, DARPA, InfoSec & Privacy, mark consulting group, privacy, security, the right to privacy, typing authentication, warren and brandeis
add a comment
Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life. (more…)
Social Media – Dangerously Anonymous & Plausibly Deniable March 19, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.Tags: Chris Mark, facebook, hacktivism, mark consulting group, plausible deniability, Social media, terrorism
add a comment
Today on Foxnews was a story about a person who claimed to be an occupy Wall Street protester who tweated a threat to kill a police officer. A user with the name “Smackema1” tweeted: “We won’t make a difference if we don’t kill a cop or 2,” What is interesting about this is that the person had never attended any Occupy protests and was actually in Florida when he sent the tweet. The author, who police are trying to identify, clarified his remarks to a Florida newspaper when he said: “It’s not like I meant anything of it. Who takes anything like that seriously? I’m in Florida, what am I going to do?” (more…)
The Carpenter, Not the Hammer, Builds the House March 8, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, weapons and tactics.Tags: Chris Mark, cybersecurity, InfoSec, mark consulting group, risk management, security
add a comment
I was in a discussion yesterday with a friend of mine who happens to be the Editor in Chief of The Counter Terrorist Magazine. Chris and I served together long ago and I always enjoy talking to him as he is one of the most insightful people I know. He mentioned what he felt was the over reliance on technology in CT operations and how it was causing people to lose sight of the fact that it is the people that matter and not the tools.
I find this particularly relevant in all areas of security but especially in information security. In a past life I operated as a Marine Scout/Sniper. When my civilian friends learn of this, it is not uncommon for me to hear the question: “What is the best rifle to use?” (more…)
Turncoat Rolls on Anonymous March 7, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: Chris Mark, cybersecurity, InfoSec, InfoSec & Privacy, security
add a comment
This is a post I struggled to write. I struggle because I do not personally agree with LulzSec’s or Anonymous’ objectives and tactics but this post is not about their tactics or views. Rather it is a discussion in ethics and honor between people and lessons to be learned about human behavior. The links have some very interesting stories of how “Sabu” turned on his own group.
As a young Marine I remember an old salty Gysgt. telling us: “Courage is not a lack of fear. That’s what we call crazy. Courage is when you are afraid and still being able to act in the face of your fear.” (more…)
Global Security, Privacy, & Risk Management 