Random Thoughts On Piracy Summit (I have to talk about guns a little ;) May 1, 2012
Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management. Tags: Anti Piracy, armed security, Chris Mark, combating piracy week, Maritime Security, markconsultinggroup.com, Scout Sniper, security, weapons
In reflecting upon the Piracy Europe event in Hamburg that I attended last week, I was struck by a few things that were said and proposed. The speakers were generally very good, although the material is getting a bit old at this point. With piracy at near-2007 levels, security vendors are scrambling to convince shipping companies that they are still needed. Selling on fear, uncertainty, and doubt (FUD) seems to be the new way of business development.
With regard to the security vendors, there appeared to be two distinct perspectives on how to stop pirates. Neither seemed appropriate. One company had a rep get up and show a picture of himself with a Barrett .50 cal SASR (Special Application Scoped Rifle) (shown in the pic above with the very skilled, handsome and smart USMC Sniper...yeah, it's me). The intimation was that if you have larger guns, you have more "firepower" and thus better security. This is a very simplistic way of thinking about security and demonstrates one of the challenges of maritime security. Security is not about technology...it is about people, strategies, and tactics. Tools (such as weapons) are useful, but only if employed correctly. You can read the whitepaper "Weapons and Tactics in the Prevention of Piracy" here. This "goons with guns" approach was not well received and, quite frankly, I felt it perpetuated what the attendees think of American security...knuckle-dragging goons with guns. Blackwater is alive and well in the minds of most of those who attended the event.
Chris Mark Speaking in London- “Hactivists, CyberSpies, & Thieves: Risk & Data Centric Security” April 18, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management. Tags: Chris Mark, CISO Intelligence Forum, cybersecurity, http://ciso-intelligence.com/, InfoSec, mark consulting group, risk management, security
On June 19th, Chris Mark (that is me;) will be hosting a workshop at the CISO Intelligence Forum: Energy in London, England. My particular workshop will be titled: "How to Select a Security Vendor". Not really...that was a bad joke 😉 (security geeks get it). The half-day workshop will be titled: "Hactivists, CyberSpies, and Data Thieves: A Discussion of Risk & Data Centric Approaches to Security". You can download the brochure here. While my own workshop is sure to be the most well attended (another bad joke), I do have to give some props to the other speakers. This event has some top-shelf talent speaking, including speakers from the PCI SSC, Lanco, SOCA, and Northrop Grumman, among others. If you are looking for solid information on data security in the energy segment, this is the place to be.
“Blaming the Victim and the PCI DSS is…Passe”- PCI DSS; GlobalPayments & Data Theft April 1, 2012
Posted by Chris Mark in Data Breach, Industry News, InfoSec & Privacy, PCI DSS, Risk & Risk Management. Tags: Chris Mark, cybersecurity, data breach, Global Payments, InfoSec, mastercard, PCI, PCI DSS, visa
In an effort to beat the "PCI Evangelists", "wagon jumpers", "naysayers", and "PCI Haters" to the punch, I am publishing my post on a Sunday evening. By tomorrow morning the speculation on how the GlobalPayments compromise occurred will be in full swing and, no doubt, many will have already condemned the company for "PCI DSS non-compliance" or for being "sick, lame, or lazy" when it comes to their PCI DSS compliance or information security. Others will have published articles condemning the PCI DSS as "ineffective", "irrelevant", or simply "stupid".
Before they are condemned I want to go on record and say it is NOT a PCI DSS compliance issue that caused the compromise. Like Heartland Payment Systems, Royal Bank of Scotland WorldPay and many more before them, GlobalPayments has been held out as the paragon of PCI DSS compliance for years. Now that they have been breached they will be expected to wear a scarlet letter for the foreseeable future. I have no doubt that by the end of next week their status as a "Level 1 PCI DSS Compliant Service Provider" will have either been revoked by the card brands or be under "review". In the same vein, there will be many who shout from the rooftops that the PCI DSS is "irrelevant", "outdated" and so on. Neither of these positions is accurate.
Here it goes…(drum roll please)…
The PCI DSS is a solid set of information security controls and represents the minimum necessary controls to minimize the likelihood of data compromise through common, identified vulnerabilities.
Richard A. Clarke: Every Major US Company has been Hacked by China March 31, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism. Tags: china, cyber espionage, cyber war, cybersecurity, information security, PCI DSS, richard a clarke, Stuxnet
According to an article and interview on FastCompany, counterterrorism expert and best-selling author Richard Clarke has gone on the record claiming that "...every major company in the United States has already been penetrated by China." Mr. Clarke served under three presidents and currently runs a cybersecurity organization called Good Harbor. He is the author of Cyber War and several other books. You can read his interview at Smithsonianmag.com. One of his more compelling statements is:
“My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”
Risk 101 and my new $500 Million Fortune- Goodbye Work! March 29, 2012
Posted by Chris Mark in Risk & Risk Management. Tags: Chris Mark, jackpot, lottery, mega millions, risk, risk management, security
I have written a number of posts on risk and probability in the past. You can read them here. As I was on the phone with a good friend last night talking about buying our Mega Millions lottery tickets for the very first time, I was struck by how amusing the whole situation was. My wife and I were talking with our friends about a strategy to buy lottery tickets. I was talking about buying lottery tickets for the very first time! First, they don't sell Mega Millions in Utah, and second, I have never played the lottery. Why? I recognize that the chances of winning are infinitesimally small (~1 in 176 million). So what changed last night?
The Mega Millions jackpot approached $500 million! Can you believe it? I am going to be $500 million richer in the next few days! I just feel it. I have the winning numbers! Odds be damned! Goodbye GlobalRiskInfo.com and hello life of luxury on my new super yacht Risky Business! (I even have it picked out and named.)
