“Privacy, Terrorism, Blowback, and Crime” – Where to start? April 10, 2012
Posted by Chris Mark in Industry News, Laws and Leglslation, terrorism.Tags: al qaeda, Chris Mark, fox news, mark consulting group, Raptor, security, terrorism
add a comment
There is an interesting story on the front page of Foxnews this morning where a self-proclaimed patriot hacker who calls himself “The Raptor” is “…waging his own war on terror..” by taking down online forums used by Al Qaeda sympathizers. Certainly, known, and admitted terrorist organizations are not in the public interest. This blog is not justifying their position their tactics, or anything else they do.
The purpose of this post is to question the value of an individual (if you believe his tweets) taking unilateral action and then basking in the attention given to his actions. While vigilante actions may have a visceral appeal to many (including this author, at times) do actions such as this exacerbate the situation? Additionally, one has to ask whether he is right in taking unilateral action? As an American my gut reaction is to applaud the person but upon closer review, I don’t know if his actions are positive or altruistic.
In espionage there is a term called Blowback that refers to the unintended consequences of a covert action. (more…)
Thank You Readers! – 10,000 Visits from over 90 Countries! April 9, 2012
Posted by Chris Mark in Industry News.add a comment
Today GlobalRiskInfo.com celebrates a small but significant milestone. We have officially passed 10,000 views on the blog in less than 9 months. Additionally, we have had visits from over 90 countries since February 25th, 2012! Thanks to all the readers of GlobalRiskInfo.com!
Ethical Relativism- Sky News Morphs into Anonymous? April 5, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Leglslation.Tags: Chris Mark, cybersecurity, data breach, emall hacking, mark consulting group, Murdoch, NewsCorp, privacy
2 comments
By now most are probably aware of the email hacking scandal that severely damaged Rupert Murdoch’s NewsCorp empire. NewsCorp reporters were caught illegally accessing phone calls of the UK Royal family and hacking into email accounts of individuals. Murdochs’ son had to resign from his position as Chairman of BSkyB which own UK’s Sky News.
According to a report on CNN this morning UK news channel Sky News said Thursday it had authorized its journalists to hack into the e-mail of individual members of the public on two occasions. The very same people (journalists) that will scream for “freedom of speech” and “freedom of the press” and claim journalistic integrity are now violating the public’s privacy in a scramble to maintain market share and increase revenue? (more…)
“Oh the humanity!”- Financial Institution Breached 3 Times in 2 Weeks! April 4, 2012
Posted by Chris Mark in Data Breach, Industry News, Uncategorized.Tags: bank robberies, Chris Mark, data breach, Global Payments, InfoSec, mark consulting group, PCI DSS, risk management
add a comment
STOP THE PRESSES! According to the Patriot Ledger, a financial institution’s security was breached 3 times in 2 weeks and assets were stolen. The media, however, has been quiet on the story. I have not heard a single Gartner or other analyst publicly eviscerate the financial institution for their poor security practices nor has Information Week, CNN, or any other major media outlet opined on the breaches. Why?
The financial institution was a actually a bank branch and the breaches were not data thefts rather they were good old fashioned bank robberies. In 1968, in response to increasingly violent and frequent bank robberies, the US Government passed the Code of Federal Regulations Title 12 part 208.61- Bank Security Procedures. The purpose of the Act is as follows: (more…)
“Blaming the Victim and the PCI DSS is…Passe”- PCI DSS; GlobalPayments & Data Theft April 1, 2012
Posted by Chris Mark in Data Breach, Industry News, InfoSec & Privacy, PCI DSS, Risk & Risk Management.Tags: Chris Mark, cybersecurity, data breach, Global Payments, InfoSec, mastercard, PCI, PCI DSS, visa
add a comment
In an effort beat the “PCI Evangelists”; “wagon jumpers”, “naysayers”, and “PCI Haters” to the punch, I am publishing my post on a Sunday evening. By tomorrow morning the speculation on how the GlobalPayments compromise occurred will be in full swing and no doubt, many will have already condemned the company for “PCI DSS non compliance” or being “sick, lame, or lazy” when it comes to their PCI DSS compliance or information security. Others will have published articles condemning the PCI DSS as ‘ineffective’, ‘irrelevant’, or simply ‘stupid’.
Before they are condemned I want to go on record and say it NOT a PCI DSS compliance issue that caused the compromise. Like Heartland Payment Systems, Royal Bank of Scotland Worldpay and many more before them, GlobalPayments has been held out as the paragon of PCI DSS compliance for years. Now that they have been breached they will be expected to wear a scarlet letter for the foreseeable future. I have no doubt that by the end of next week their status as a “Level 1 PCI DSS Compliant Service Provider” will have either been revoked by the card brands or be under “review”.In the same vein, there will be many who shout from the rooftops that the PCI DSS is “irrelevant”, “outdated” and so on. Neither of these positions are accurate.
Here it goes…(drum roll please)…
The PCI DSS is a solid set of information security controls and represents minimum necessary controls to minimize the likelihood of data compromise through common, identified vulnerabilities. (more…)
Global Security, Privacy, & Risk Management 