FTC to Audit PCI Industry March 9, 2016

Posted by Chris Mark in Uncategorized.

(UPDATED) I have been in the PCI “industry” since before it was an industry. I was fortunate to have worked with Visa in 2001 on a team that helped design the CISP requirements for service providers, and subsequently worked at MasterCard, a major processor, and numerous QSA firms. I can claim (along with 2 or 3 other people) to be the FIRST assessor, even before we were QDSPs and then QSAs. I was the PCI SSC’s global QSA trainer and Visa’s CISP trainer. There are probably only 10 people in the industry that have been doing “PCI” type work as long as I have. Unfortunately, we lost two of those fine folks in the last several years. One of the most frustrating aspects of being in the PCI assessment business has been competing with the “pay and stamp” assessors. PCI is complex, and conducting a solid PCI assessment is complex and not trivial. There have always been the “bottom feeders” that will guarantee a compliant finding for a nominal fixed-price fee. For those companies that do solid work (while I compete with them, I am also friends with many and can respect their work as much as my own employer’s), we often find ourselves on the losing end of a bid when someone agrees to assess a Fortune 100 company for a fixed fee of $40K. Well, the Federal Trade Commission has taken notice!

The FTC has issued an order to 9 QSA firms to assess (pun intended) how they assess companies against the PCI DSS and how their business is structured. The 9 companies listed are:

Foresite MSP, LLC; Freed Maxick CPAs, P.C.; GuidePoint Security, LLC; Mandiant; NDB LLP; PricewaterhouseCoopers LLP; SecurityMetrics; Sword and Shield Enterprise Security, Inc.; and Verizon Enterprise Solutions (also known as CyberTrust).

Here is my beef with that list. The one company (to remain unnamed for fear of a lawsuit, but we all know who it is) that has had 7 or so of the largest credit card breaches in history as its clients is not listed. 3 of the companies are ‘newbies’ and 3 are very well known and respected companies. They should have asked for “Chris’ list” 😉

After reading the order it is clear the FTC has done its homework and knows the answers it expects to get. This is not simply smoke and mirrors. They are asking questions related to:

  1. The bidding process for QSA work
  2. Cost structure of PCI assessment work
  3. Time associated with the average assessment
  4. Number of companies found ‘non-compliant’
  5. Whether a company is found ‘compliant’ BEFORE completing all work
  6. Sampling methodology (this is a gotcha because the required methodology is outlined in the training)
  7. Qualifications

They are then asking for a sample ROC to be provided. I cannot applaud the FTC enough for taking this step. It is well past time that we get the “pay and stamp” providers out of the industry! Read the Order Here!

“PTSD and Addiction”- by John Poitevent March 8, 2016

Posted by Chris Mark in Uncategorized.

For those suffering from PTSD and addiction, a good friend of mine at Behavior Wellness and Recovery wrote a very good article on the subject. Please take the time to read and share if you know someone who would benefit from this information. As someone who has scores of friends suffering from PTSD, I can say that substance abuse and addiction are pervasive within the community. Please share! If you need help, please contact BWR at 866.986.3414

Chris Mark Endorses Marco Rubio for President! February 6, 2016

Posted by Chris Mark in Uncategorized.

OK, since my latest brushes with fame on CNN and the National Review, maybe the idea of me ‘endorsing’ any candidate, much less Senator Marco Rubio, is a bit overblown 😉 That being said, I do want to post about why I think Mr. Marco Rubio is the best option for President in 2016!

I have watched every presidential debate and every ‘town hall’ and I have come to the conclusion that I believe Marco Rubio is the candidate that is best suited to lead our great nation for the next 4 (or 8) years.

While there are no doubt policies that Marco and I disagree upon, the concept of satisficing, fostered by Nobel Prize recipient Herbert Simon, comes into play. While we may not all agree on all issues, we evaluate the alternatives and decide upon the best option. For this reason, I can say that whether I agree with Mr. Rubio on every issue is irrelevant, as I agree with his position on the major issues, and that is more important than minor disagreements. (Thank you, Auburn University, for my BA in Poli Sci!)

I think Marco represents more of what I believe our country needs in a conservative executive than any other candidate. So, what is conservatism? As detailed by Mr. Rubio, conservatism consists of three primary points: 1) Free Market, 2) National Security, and 3) Limited Government (particularly the Federal Government). I agree with all three of these points.

More importantly, I find Marco to be honest, smart, fair, and a man of conviction. Marco Rubio is clearly very smart and very well read on the relevant issues. Unlike some of the other candidates, I do not hear a lot of “sound bites” in his responses, and he will speak to the issues with both passion and experience. I listened to Mr. Rubio talk about the issues in the Middle East, and instead of regurgitating the same tired nonsense of “carpet bomb them”, he spoke intelligently of the issues between Sunni and Shia Muslims and how that impacts national defense! This is not an easy topic to learn and takes a lot of study to understand. This demonstrates to me that Mr. Rubio is the type of President I think we need!

Some may see Mr. Rubio’s passion and his tendency to speak quickly and directly as less than ‘presidential’, but I see a person who is in the race for the right reasons! We need more passion, intellect, and frankness in the office. While many have emotion and passion for the job, I like Mr. Rubio’s intellect and education. I have yet to hear him asked a question where he simply regurgitates some sound bite for political expediency. I like people who stand tall, admit mistakes, and own their flaws. Marco even made a reference to his boots that were ‘too tall’ (I could use a pair of those, as well).

I am using my 15 minutes (14 are already spent, so only 1 minute left) of ‘fame’ to endorse Marco Rubio for President of the United States!

To donate to Marco’s campaign please click here!

Chris Mark

“I need a brother…” January 27, 2016

Posted by Chris Mark in Uncategorized.

Within my very tight-knit community of Recon Marines, Scout/Snipers and SARCs, these are words you never want to hear and, at the same time, wish you would hear more often. It is not uncommon to see a request in a Facebook post or get a text that says simply: “I need a brother…” When these words are passed, dozens, if not scores, of Marines and Sailors drop what they are doing and reach out to take care of the one in need. Sometimes it is just someone to talk with… sometimes it is more. It doesn’t matter. Responding to these simple words may mean the difference between life and death.

Last weekend another Marine in our very small group took his own life. This has happened far too frequently for a group of our size and has become far too common.

Thank You for 1,000,000 Views! January 26, 2016

Posted by Chris Mark in Uncategorized.

I was just notified that the GlobalRiskInfo blog just had its 1 millionth view, with over 850,000 visitors! I want to give a big “Thank You!” to everyone that has taken the time to read my inane drivel and to those who take the time to comment! This is simply a labor of love, and I am grateful for the support. This started 4 years ago and I have published 404 blog posts. While some have been big hits, others have not. Regardless, thank you!