UPDATE “Just Say No!”- to Facebook Login Request for Employment March 23, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy.Tags: cybersecurity, facebook, InfoSec & Privacy, mark consulting group, privacy, security
add a comment
UPDATE: Kudos to Facebook for weighing in on this subject. Facebook says that not only is the practice wrong, but it is a violation of Facebook’s terms of service. Echoing what I (and others) have said, logging into someone’s FB page could expose the employer to a lawsuit. “(W)e don’t think it’s right the thing to do,” she said. “But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don’t hire that person.”
I find myself posting on this subject occasionally because a neighbor, friend or other person will inform me that during an interview or application they were asked to provide their Facebook or other ‘social media’ login. This topic seems to arise again, and again and was again highlighted on msnbc.com. So, for those who are asking or saying: “Chris, if you have nothing to worry about, then why do you care?” Valid question. Let me answer. First, if you are looking for a job, as a responsible professional person you should take care to not post inflammatory, racist, hateful or other items on your social media. If you are a proud member of a hate group, you may want to keep that info private. Pictures of you doing drugs, or being arrested in New Orleans is also probably a bad idea. (more…)
“Failed State of Security”- Published by IDGA March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: Chris Mark, cybersecurity, deterrence theory, IDGA, InfoSec, mark consulting group, research brief, whitepaper
add a comment
The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!
Abstract “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security. Information security, as a field, is focused on the protection of information assets. Criminology is focused on the prevention of criminal behavior. As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes. This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.”
“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, DARPA, InfoSec & Privacy, mark consulting group, privacy, security, the right to privacy, typing authentication, warren and brandeis
add a comment
Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence. It is not simply speed but includes cadence, time between particular keystrokes and other aspects. This week DARPA announced that they are working to make the solution a reality. Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person. I mark this up as “good in theory and terrifying in practice”. In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.” This is precisely where the issue comes to life. (more…)
The Carpenter, Not the Hammer, Builds the House March 8, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, weapons and tactics.Tags: Chris Mark, cybersecurity, InfoSec, mark consulting group, risk management, security
add a comment
I was in a discussion yesterday with a friend of mine who happens to be the Editor in Chief of The Counter Terrorist Magazine. Chris and I served together long ago and I always enjoy talking to him as he is one of the most insightful people I know. He mentioned what he felt was the over reliance on technology in CT operations and how it was causing people to lose sight of the fact that it is the people that matter and not the tools.
I find this particularly relevant in all areas of security but especially in information security. In a past life I operated as a Marine Scout/Sniper. When my civilian friends learn of this, it is not uncommon for me to hear the question: “What is the best rifle to use?” (more…)

