
“Goodnight Sweetheart, It’s Time To Go…” Away from Gmail…over Privacy March 1, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

Starting today, Google will consolidate over 60 (that’s right…60) privacy policies into one, big, fluffy, wonderful new privacy policy. Unfortunately, some of the changes are less than appealing and are simply too much for me to live with. You can read more about the changes on CNN.com. According to Google:

“We just want to use the information you already trust us with to make your experience better.

“If you don’t think information sharing will improve your experience, you don’t need to sign in to use services like Search, Maps and YouTube.

“If you are signed in, you can use our many privacy tools to do things like edit or turn off your search history, control the way Google tailors ads to your interests and browse the Web ‘incognito’ using Chrome.”

My beef comes from the fact that they will be compiling a personal ‘dossier’ on every user. They crawl through Gmail to look for advertising opportunities, etc. After watching J Edgar on Vudu a few days ago, I don’t want to end up with a personal file. (That was a joke, by the way.)

In the event you decide to stay with Google, here is a guide published by the Electronic Frontier Foundation (EFF) that explains how to use the services while protecting your privacy to some degree. For more privacy-related information, please visit: www.DrHeatherMark.com.

“Another BRIC in the Wall”; 2012- The Year of Internet Regulation? February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

The Internet started life in the 1960s as a project funded by DARPA known as ARPANET. ARPANET was decommissioned in 1990, and in 1995 NSFNET was decommissioned, opening the network for commercial use. The Internet was officially born. The impact of the Internet on science, culture, and politics cannot be overstated. The Internet is a worldwide network of interconnected computers. It operates without a centralized governing body, although ICANN and the DNS root changes are primarily governed by the US. The fact that the Internet allows for the free flow of information and that it is not ‘regulated’ in a conventional sense is what makes the Internet such a powerful tool for science, revolution, politics, medicine, education and about every other aspect you can imagine, as well as such a threat to some.

On December 8th, 2011 FCC Commissioner Robert McDowell stated: The communications public policy effort that may affect all of us the most in 2012, however, will take place far from our shores. As we sit here today, scores of countries, including China, Russia and India (*the RIC in BRIC), are pushing hard for international regulation of Internet governance. While we have been focused on other important matters here in the U.S., the effort to radically reverse the long-standing international consensus to keep governments from regulating core functions of the Internet’s ecosystem has been gaining momentum. The reach, scope and seriousness of this effort are nothing short of massive. But don’t take my word for it. As Russian Prime Minister Vladimir Putin said last June, the goal of this effort is to establish “international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunications Union.” (more…)

“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

UPDATE: According to Facebook, this story was incorrect.  To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)

Why Regulation Cannot Prevent CyberCrime (TransactionWorld) February 6, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation, Risk & Risk Management.

As the maritime industry is increasingly focused on protection of data assets, I thought it would be beneficial to include an article on the topic.  This article is one I wrote for TransactionWorld in July, 2011.  It is titled: “Why Regulation Cannot Prevent CyberCrime” and is a continuation on the discussion of the impact of deterrence on behavior.

“Data security and privacy regulation have increased significantly over the past 10 years. The U.S. now has 46 state breach notification laws and there have been numerous bills introduced in Congress that propose to regulate personally identifiable information and to dictate security of such data. In spite of this increasing regulation, data breaches continue to plague the industry. Some have proposed that more regulation is the answer. Unfortunately, regulation alone is inadequate to prevent data theft and protect data.

At its core, data theft and network intrusions are crimes. At the risk of oversimplifying the work of criminologists, crime prevention can be summarized as using deterrents to affect protection of assets and prevention of theft. Protection applies to the ‘hardening’ of targets by implementing controls that increase the level of difficulty of perpetrating a crime. A vault is a good example of a protective measure. While no vault is completely impenetrable, vaults do provide significant protective value. Data security controls are protective measures. They are designed solely to limit attempts to obtain the target of value. Without a deterrence effect, criminals are free to attack companies at will without fear of retribution. This article will explore the value of deterrence in the prevention of crime.” (read full article here)

Rogue Wave; Secure Payments Article January 11, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

This is an excerpt from an article I wrote a couple of years ago called “The Rogue Wave”. It discusses a high-level overview of Doctrine, Tactics and Strategy and applying PCI DSS as doctrine… You can read the full article here.

“Recent data compromises have continued to illustrate the challenges of securing data in an increasingly hostile environment. Companies are faced with securing and protecting their valuable information from a growing number of increasingly sophisticated and organized groups determined to steal valuable data. Historically, the response to data compromises has been to pass and enforce increasingly strict standards, regulations, and laws detailing the specific steps companies must take to protect data and the required disclosure should data be compromised. Those companies that are the unfortunate victims of data thieves are criticized and vilified for “losing data”. In spite of the efforts being focused upon compliance with the various laws and standards, data compromises continue in their steep upward trend seemingly unabated…”