“You Are the Weakest Link! Or Are You?” - Guest Post by Dr. Heather Mark (June 7, 2017)
Posted by Chris Mark in Uncategorized. Tags: Breach, compliance, Data, Ethics, Heather, Mark, PCI DSS, security, technology
The incomparable Dr. Heather Mark (my wife…and compliance expert) has a new blog post…
“If you’ve been in security or compliance long enough (and by that I mean approximately a week), you’ve heard the old adage that our largest vulnerability is our people. Firewalls don’t just randomly open ports. Email clients don’t just decide to send proprietary and sensitive information to third parties. These are actions, sometimes deliberate and sometimes accidental, taken by the human assets within our companies, not the technological ones. Technology is not imbued with the ability to autonomously break laws or divulge sensitive information. Technology largely does what it’s programmed to do. People – these are the elements that cannot really be controlled or predicted. Of course, we can implement technology to mitigate the risk presented by human nature. But at the end of the day, a determined individual can still wreak a lot of havoc. This argument is often made just to make the point that we can’t be complacent. And to a very large extent, it’s correct. But I would posit that people can also be one of our biggest assets with respect to maintaining compliance and ethics programs.

I watch a lot of what my husband refers to as “murder shows” – Forensic Files, 20/20, and the like. My favorite, though, is Dateline when the story is presented by Keith Morrison. He has a way of telling a story. Don’t believe me? I give you proof.”

Click here for more from Dr. Heather Mark’s Blog!
The Difference Between Compliance and Ethics (Dr. Heather Mark’s Blog) (July 10, 2015)
Posted by Chris Mark in Uncategorized. Tags: compliance, Dr. Heather Mark, ESPN, Ethics, HIPAA, Jason Pierre Paul
“HIPAA does not apply to news organizations” – ESPN Statement
Last night, a news story broke that combined two of my favorite things: compliance and American football. This is a rare occurrence, indeed. It seems that Jason Pierre Paul was celebrating the 4th of July when he had a fireworks mishap, resulting in a major injury to his hands. As a football player that had recently been franchise-tagged, this is major news. Understandably, the sports reporters were anxious to get the story, as JPP, as he’s called, hadn’t yet signed his $14.8M contract. One reporter, though, went so far as to tweet a copy of the player’s medical record, as proof of the procedure.

As you can imagine, compliance professionals immediately hopped on this broadcast of Protected Health Information (PHI). This is an unscrupulous invasion of privacy, but does the tweet constitute a HIPAA breach? READ MORE.
Chris Mark speaking on PCI at a Business Process Outsourcing (BPO) event in 2013 (June 29, 2014)
Posted by Chris Mark in Uncategorized. Tags: AT&T, Chris Mark, compliance, compromise, data breach, DSS, hack, PCI, risk, security
I was privileged to be able to speak at an AT&T BPO event in 2013. In February 2014, AT&T Marketing published the videos. I had found one but was unaware they had published all three. I hope you enjoy them. (Remember…the camera adds 10 lbs! 😉)
New Security Reference Blog…The Security HOG (June 13, 2014)
Posted by Chris Mark in Uncategorized. Tags: Chris Mark, compliance, risk, Scout Sniper, secuerityhog, security
Security HOG is a complement to the GlobalRiskInfo site but is solely focused on providing insight and education on the concepts of security, risk and compliance. Having worked in numerous security domains for over 20 years has given me valuable insight into the concepts and underpinnings of the science and art of security. Whether we are talking about physical security, operational security, information security or cybersecurity, the basic concepts remain the same. This blog will focus on the more esoteric, yet important, concepts of proximate reality, deterrence & compellence, parallax and convergence, threats & vulnerabilities, risk, and more.
Some might wonder what significance, if any, HOG has to the discussion of security. Within the USMC, a person who is not a Scout/Sniper is known as a Professionally Instructed Gunman, or PIG, while a trained Scout/Sniper is known as a Hunter of Gunmen, or HOG. As a former Marine Corps Sniper I am a HOG, and this is the reason the site is called Security HOG. Not too creative, I am afraid, but it seemed to have a ring to it…
“August 2012 TransactionWorld Magazine” - Chris & Heather Mark’s Articles (August 13, 2012)
Posted by Chris Mark in cybersecurity, Data Breach, Industry News. Tags: compliance, cybersecurity, data breach, data security, mark consulting group, mastercard, PCI DSS, security, visa
Chris and Heather Mark both have articles in the August 2012 issue of TransactionWorld Magazine. Chris’ is titled “The Impact of the Fortress Mentality & Today’s Compliance Strategies,” while Heather’s is titled “After the Compromise: Security Incident Response and Mitigating the Damage.”
One note: I apparently forgot to update my bio with the Editor in Chief, so the article erroneously references me as the Executive Vice President of Data Security and Compliance for a payment processor. You can visit Mark Consulting Group at www.MarkConsultingGroup.com