Global Issues Press Release Confirming Breach March 30, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, credit card, cybercrime, cybersecurity, data breach, data security, Global Payments, mastercard, PCI DSS, visa
Thank you to a person for pointing this out to me via LinkedIn. GlobalPayments, Inc. has issued a press release confirming it was their system that was compromised. You can read it here. They have disabled cutting and copying so here is a screenshot.
BitDefender: “Anonymous is ‘good’ for security” – REALLY?! March 28, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management. Tags: bitdefender, Chris Mark, cybersecurity, mark consulting group, PCI DSS, security, slutwalk
A March 14th, 2012 article on ZDNetAsia sums up one of the major problems with security. Specifically, it is the victims that are consistently blamed for the crime and the belief (very arrogant, I might add) that companies simply don’t care about security and this is why they are victimized. According to the article:
“Alexandu Catalin Cosoi, chief security researcher at BitDefender, for one, said that hacktivist group Anonymous has been “good” for security. This is because even though it had disclosed people’s personal information publicly online, the security breaches it organized had a positive impact, he added. Now, more companies are willing to secure their networks and private data, which is good news, he stated.”
“We Can’t Live in Castles” – FBI Official Concedes; CyberSecurity Policy is a Failure March 28, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, cybersecurity, deterrence theory, fbi, InfoSec, risk management, US CyberSecurity Policy
In my Google alerts today was an article from Foxnews titled “Retiring FBI Official Says Current US CyberSecurity Strategy ‘Unsustainable’.” Shawn Henry, the FBI’s Assistant Director for CyberSecurity, refers to the increasing cyber attacks on government and corporate targets and says: “We are not winning”. All I can say at this point is… WOW. Again, we are beating a dead horse! In 2010, I said the same thing at an InfraGard event in Salt Lake City, and RSA has said the same thing. We sound like broken records at this point. This post will likely be a bit more pointed and blunt than most, but my frustration is mounting on the subject. For a shameless plug on my own research brief, please read: “A Failed State of Security” now published by IDGA.
CyberAttacks against corporates, committed by individuals, are crimes. Crimes are human acts undertaken by living, breathing, thinking human beings. CyberSecurity, at its core, is about more than building castles to keep the princess protected. It is also about changing human behavior to deter the criminal behavior.
“deterrence is ultimately about decisively influencing decision making. Achieving such decisive influence requires altering or reinforcing decision makers’ perceptions of key factors they must weigh in deciding whether to act counter to (our interests) or to exercise restraint.”[1]
France’s PATRIOT Act? – “Visit Website; Go to Jail” March 23, 2012
Posted by Chris Mark in Industry News, Laws and Legislation, terrorism. Tags: al qeada, Chris Mark, france murders, mark consulting group, PATRIOT, privacy, Red Scare, security, terrorism
In the aftermath of the murder of 7 people in France by a self-proclaimed Al Qaeda militant, France’s president Nicolas Sarkozy has proposed a sweeping law that would jail those who visit extremist websites. “Anyone who regularly consults Internet sites which promote terror or hatred or violence will be sentenced to prison,” he told a campaign rally in Strasbourg, in eastern France. “What is possible for pedophiles should be possible for trainee terrorists and their supporters, too.”
The murders of 7 people in Toulouse were horrific. Among those killed were a Rabbi and several children at a Jewish school. The murderer, 23-year-old Mohamad Merah, was killed by French police after a standoff.
“Failed State of Security”- Published by IDGA March 21, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management. Tags: Chris Mark, cybersecurity, deterrence theory, IDGA, InfoSec, mark consulting group, research brief, whitepaper
The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!
Abstract: “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security. Information security, as a field, is focused on the protection of information assets. Criminology is focused on the prevention of criminal behavior. As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes. This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.”
