
Playing in Mogadishu – The Dangers of False Security and the Value of Situational Awareness February 23, 2012

Posted by Chris Mark in Risk & Risk Management, weapons and tactics.

UPDATE: This is a great video that shows the difficulty in reacting with a concealed weapon. Let me be clear: I am a proponent of the 2nd Amendment, but I think that people place too much trust in their firearms without proper training.

Recently, I was discussing gun laws and other issues with some gentlemen with whom I used to work. I live in a state (Utah) that has very liberal gun laws and a LOT of people who carry concealed firearms. After a short 4-hour class with no proficiency testing, any adult who is a US citizen without a felony can carry a concealed weapon in Utah. This is a scary proposition to many (including me). The men were talking with full confidence about how they feel safer with their guns. They referenced a few situations in which some women had been assaulted and stated with full confidence that if the women had been armed, the assault would not have occurred. I explained to them that it is more important to have situational awareness than it is to have a weapon. (more…)

Security 101: “You don’t have to out run a bear…just your friends” February 22, 2012

Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management, weapons and tactics.

Yesterday MSNBC had a story that discussed the “arms race” between Somali pirates and shipping companies.  The article discussed the increasing violence of the pirates.  While this should come as no surprise to anyone, it is a single statement that caught my attention. “Greater use of private armed security guards on ships and a much tougher approach by international navies is beginning to work, some… say. (more…)

“Lipstick on a Pig”- Vetting Armed Security Part 3 February 21, 2012

Posted by Chris Mark in Piracy & Maritime Security, Risk & Risk Management.

The recent event where Italian military personnel killed “suspected pirates” off the coast of India should provide an exclamation point to shipping companies on the need to carefully evaluate the armed security protecting their vessels.  While military personnel were involved in this particular incident, it is simply a matter of time before private military contractors make the same mistake.  This post is part 3 of a series of posts on vetting companies.  You can read the previous posts here and here.

One of the tactics being employed by many companies within the maritime security arena, and especially those with little experience, is to promote the fact that they are “ICOC signatories” as evidence of their professionalism and expertise. While there is little debate that the ICOC is a step in the right direction toward gaining some form of control over a growing industry, the ICOC is NOT and should NOT be viewed as anything more than what it is. Using the ICOC as any basis of evaluation of a security company is both dangerous and short-sighted. All companies should be signatories of the ICOC. That being said, the ICOC is not intended to be a governance document or standard. The purpose of the International Code of Conduct for Private Security Companies (ICOC PSC) is to: (more…)

“Trust but Verify”- Insider Threats & Intellectual Property Theft February 20, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

According to the US Government, intellectual property theft costs the US approximately $250 billion per year.  Unfortunately, a large and growing percentage of this theft is due to insiders.  The human element of data security is a topic that I have written on numerous times.  This article follows one I wrote in August, 2011 titled: Security 101: The Human Element.

I have worked with a number of large (and small) organizations that were very focused on risk management and information security. It is always disheartening when you find that the companies focus solely upon external threats and ignore one of the largest threats to their intellectual property: their own employees. Humans are social creatures. We make friends and we want to be trusted. We also believe in our fellow person. Nobody likes to feel like they are not trusted and consequently, few like to make others feel like they are not trusted. Unfortunately, where data security and the protection of intellectual property are concerned, companies are well advised to adhere to the old adage: “Trust but Verify”.

With increased responsibility often comes increased authority and increased access to sensitive systems and information. Companies often make the mistake of believing that with increased responsibility comes a decrease in the need to monitor activity. (more…)

With Privacy the Sum May Be Greater than the Parts February 17, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.

Information Security can be described as the protection of data while privacy is defined as the appropriate use of data. Volumes of data are collected on all of us every day. Some of the data we voluntarily provide in exchange for additional benefits and services (airline mile programs, loyalty shopper programs, for example). Other data we unknowingly provide, such as shopping history. Regardless, we expect the custodians of the data to use it appropriately and maintain privacy. Unfortunately, sometimes a company’s pursuit of profits causes it to walk a very fine line as far as privacy is concerned. The following is an example of where a company arguably violated the tenets of privacy while possibly not violating any laws.

According to a story reported recently, Target figured out a teenage girl was pregnant from her shopping history and inadvertently told her family. The end result is that 1) Target knew (statistically they are right 90% of the time), and 2) Target, by sending pregnancy-related coupons to the girl, informed her family that she was pregnant, without her knowledge or consent. Here is how it happened. (more…)