New Role – AT&T Consulting PCI Practice Lead! January 4, 2013
Posted by Chris Mark in Uncategorized. Tags: AT&T, Chris Mark, Consulting, credit card, PCI DSS, QSA, security
I am proud to announce that as of January 3, 2013 I have accepted and started a new position with AT&T Consulting. I am the new PCI Practice Lead directing the PCI DSS auditing and consulting efforts within AT&T. I am excited to work with the most experienced, professional PCI DSS experts and QSAs in the industry. I have had frequent opportunity to interact with the AT&T PCI team over the years and have been consistently impressed with their technical expertise and professionalism. Their industry leading services are testament to the quality of the team and the leadership that preceded me in this role. Please feel free to contact me if you have any PCI DSS needs!
Chris Mark in Jan 2013 TransactionWorld: “Only Certainties are Death, Taxes, and PCI DSS.” January 2, 2013
Posted by Chris Mark in Uncategorized. Tags: Chris Mark, data breach, Heather Mark, InfoSec, mastercard, PCI DSS, security, transactionworld, TSYS, visa
Chris Mark (this guy with two thumbs) is in the January 2013 edition of TransactionWorld Magazine. You can read my article titled “In 2013 the only certainties are Death, Taxes, and the PCI DSS,” in which I opine about the need for PCI DSS and other security standards as we enter 2013. The bio on the article is not accurate and still references an old position I had at ProPay. That being said, ProPay is a great company for which I was fortunate and proud to have worked, a company at which my illustrious wife, Dr. Heather Mark, still works, and a company that deserves a big Congrats for being acquired by TSYS! All in all, no harm, no foul.
Donation Information For Newtown, CT December 16, 2012
Posted by Chris Mark in Uncategorized. Tags: CT, Donations, Newtown, sandy hook, United Way
If you feel moved, please consider donating to those in Newtown, CT. As you can imagine, many families are struggling. You can donate through a local Newtown Bank or through the United Way.
c/o Newtown Savings Bank
39 Main Street, Newtown CT 06470
In Remembrance of Newtown, Connecticut December 14, 2012
Posted by Chris Mark in Uncategorized. Tags: adam lanza, newton connecticut, sandy hook, shooting
Today a piece of America died at the hands of a person who murdered 20 innocent children and 6 innocent adults in Newtown, Connecticut. There are no words to describe the anger, horror, and sadness I personally feel and, I am sure, we all feel today. This holiday season, please remember what is important in life. Hug your children, loved ones, and friends a little tighter and remember those who died today.
If you are religious, please remember those who died and their families in your prayers and if you are not religious, please honor them in your own way. I will post opportunities to donate as they become available.
God Bless
Offensive Cyber Attacks – A Dangerous Proposition December 8, 2012
Posted by Chris Mark in Uncategorized. Tags: Chris Mark, cyber attaks, cybercrime, cybersecurity, deterrence, failed state of security, homeland security, jim cilluffo, mark consulting group, security
Let me preface this by saying I have been outspoken about passive cyber defensive strategies and their failure. You can read my paper: “Failed State of Security” to learn more. On that note, Foxnews had a story today that had me scratching my head. The recommendations were pedestrian at best, and dangerous in the most severe cases. In short the article suggests that companies should take a more ‘offensive approach’ to preventing cyber attacks. Some of the recommendations include:
“Misinformation campaigns” such as planting fake documents and data for criminals to steal. As stated in the article: “One such strategy involves creating a disinformation campaign by distributing fake documents throughout a company’s own network to confuse and potentially misguide potential adversaries.” Companies today have a difficult time managing their own ‘real’ documents. This approach is inefficient, and bound to cause confusion among employees. How do you differentiate between the “real” and the “fake” internally?
Jim Cilluffo, Director of George Washington University’s Homeland Security Policy Institute, stated in front of Congress: “We should provide opportunities and responsibilities to the private sector to hack back,” REALLY? Vigilante justice is being proposed by a Director of a major university’s homeland security institute? We are going to trust commercial entities to use the authority to ‘hack back’ judiciously? What about when they hack into a competitor and claim they were being hacked? What if a company hacks into a personal computer and the person decides to exact revenge on their employees for the act by escalating the issue to violence? Many of these ‘cyber criminals’ are associated with organized crime. These are not the types of groups you generally want to attack. This ‘mall cop’ mentality has no place in corporate America.
More disturbing is the correlation drawn between vigilante justice and bank robberies. “If someone were to rob a bank today, doesn’t the bank have a responsibility to protect its customers and employees from someone armed? They don’t simply wait until someone shoots innocent victims,” said Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute. The difference is stark. A person walking into a bank with a weapon is a ‘clear and present danger’ to people’s safety. A company being hacked may be angry, offended, insulted, etc., but the hacker is not endangering a person’s safety in the same way a person with a gun would be.
While an executive order from the White House could be forthcoming, Cilluffo said legislation from Congress would be far more helpful and could even indemnify companies from lawsuits.
“We need to have these conversations because the current approach is doomed for failure. We’re losing too much,” said Cilluffo.