Because I Said So September 23, 2012
Posted by Heather Mark in cybersecurity, Industry News, InfoSec & Privacy, Laws and Legislation, Politics. Tags: cybercrime, cybersecurity, data security, Dr. Heather Mark, Heather Mark, InfoSec
Last week, Democratic leaders made some minor news when they sent a letter to President Obama suggesting that he issue an executive order on Cybersecurity. Their position is that, since Congress seems to be at loggerheads over the issue, the president should take the opportunity to force action by issuing an Executive Order. In fact, Secretary of Homeland Security Janet Napolitano told a congressional committee that just such an order was in its final stages. So what might we see in this forthcoming order?
According to reports, the order will attempt to regulate sixteen “critical” industries. The guidelines will be voluntary, after a fashion. Compliance with the standards may determine eligibility for federal contracts. The White House has not made any secret about its intentions on Cybersecurity. In fact, the White House website lists “Ten Near Term Actions to Support Our Cybersecurity Strategy.” Brevity prevents me from getting into a deep discussion about those actions here, but you can read them and draw your own conclusions.
The questions remain, however – 1) How stringent (read: intrusive) will the requirements be? 2) Will they be relevant to the threats in the landscape? 3) How will compliance be policed? and 4) How much additional cost are we potentially adding to our already stretched budgets?
Another question that merits examination is whether or not the standards will be redundant. Many industries are already straining under the weight of a variety of infosec requirements – whether industry-regulated or government-mandated. Will another layer of regulation mean increased efficacy of data protection strategies and mandates, or will it be just another layer of red tape?
“Democracy or Friendship?” – The US Role in Supporting Democracy July 31, 2012
Posted by Chris Mark in Laws and Legislation, Politics. Tags: democracy, Dr. Heather Mark, Egypt, Israel, mark consulting group, US foreign policy, USAID
Heather Mark completed her PhD in Public Policy & Public Administration ‘several years’ ago. Her dissertation was titled: “The Role of the United States Foreign Policy in the Global Adoption of Democratic Governance”. The US has long espoused the position of supporting democracy. Does the US actually practice what it preaches? Here is an excerpt from Heather’s dissertation:
“As the twentieth century wore on, however, the threats to democracy became less specific, but presidents and policymakers continued to use the ideology to frame their policy statements. This begs the question: “Do the actions of the United States actually further the cause of democracy, as policymakers indicate?” If the U.S. public knew the effect of U.S. actions on democracy, would the rhetoric still be as effective?”
Download and read her dissertation here. Make your own decisions regarding the US’s role.
“The UN, Guns, and US Constitution” – Explaining the Arms Trade Treaty July 27, 2012
Posted by Chris Mark in Laws and Legislation, Politics, terrorism, weapons and tactics. Tags: 2nd amendment, arms trade treaty, Constitution, guns, mark consulting group, NRA, ownership, senate, UN
Recent events in the US have once again ignited the debate over control of guns within the US. This post is not a political debate but rather an introduction to US gun issues and, more specifically, actions of the United Nations. First, some quick statistics. According to the US Firearms Institute, between 40% and 50% of US homes own firearms. There are between 250 million and 280 million firearms in the US owned by between 120 million and 150 million US citizens. Hunting, shooting, and firearms are deeply embedded in the US culture and history. In fact, the right to own firearms is guaranteed in the US Constitution’s 2nd Amendment, which states: “A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.” As every 6th grader knows, the 2nd Amendment is part of the Bill of Rights, which was passed in 1791. While many people don’t agree with the 2nd Amendment, the US Supreme Court has upheld the amendment and clarified the intent in several cases:
“Let’s Talk Data Security” – Heather Mark in July 2012 Greensheet & TransactionWorld July 9, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Laws and Legislation, News, PCI DSS. Tags: cybersecurity, data breach, data security, greensheet, Heather Mark, mark consulting group, security, transactionworld
Heather Mark is interviewed in the July 2012 issue of Greensheet in the article titled: “Expert Advice on Security Defense and Planning”. The article discusses strategies for preventing and dealing with data breaches with the payment card industry. Additionally, Heather has an article in TransactionWorld titled: “New School vs. Old School: Security and Emerging Technologies”. You can catch Heather’s articles every month in Transaction World Magazine.
Collective Security & the Payment System June 11, 2012
Posted by Heather Mark in Laws and Legislation, PCI DSS, Politics. Tags: collective security, compliance, Dr. Heather Mark, InfoSec, InfoSec & Privacy, mark consulting group, PCI, PCI DSS, treaty of westphalia
I recently attended an event focused on payment security and fraud prevention. It was an outstanding event and the presentations and panels were incredibly valuable – not something that I frequently say about payment security events these days. However, one term came up a couple of times that got me thinking. That term was “collective security.” As many of you know, I have a background in public policy and my dissertation was, in fact, on US foreign policy and our strategic interests abroad, so the mention of collective security set off my poli sci radar. But I wondered if collective security was really an appropriate phrase for what we’re doing in the payments industry. To address that question, it is necessary to first define collective security in its traditional sense.
Collective security was first formally introduced by the Peace of Westphalia in 1648, a series of treaties that put an end to a number of wars that had been plaguing Europe. Very simply put, collective security is an arrangement in which all stakeholders agree that their security depends upon the security of each of the other stakeholders.