“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.Tags: android, Chris Mark, cybersecurity, facebook, mark consulting group, markconsultinggroup.com, privacy, security
add a comment
UPDATE: According to Facebook, this story was incorrect. To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)
Traveling Naked (digitally) to avoid Cyberespionage February 25, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, cyberespionage, cybersecurity, data security, mark consulting group, new york times, security
1 comment so far
There is a very good article written by Nichole Perlroth of the New York Times that discusses the dangers of cyberespionage. I have written this subject in this blog, as well. It is always interesting when you talk with people about cyberespionage and get the “brush off” or some comment about “james bond” and fantasy. Unfortunately, cyberespionage is very real, and very dangerous for companies. Intellectual property and trade secrets are in high demand for certain governments and competitors. As stated by top counterintelligence official, Joel F. Brenner: “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” (more…)
Playing in Mogadishu – The Dangers of False Security and the Value of Situational Awareness February 23, 2012
Posted by Chris Mark in Risk & Risk Management, weapons and tactics.Tags: Chris Mark, cybersecurity, mark consulting group, security, situational awareness, USMC, weapons
add a comment
UPDATE: This is a great video that shows the difficulty in reacting with a concealed weapon. Let me be clear, I am a proponent of the 2nd Amendment but I think that people place too much trust in their firearms without proper training.
Recently, I was discussing gun laws and other issues with some gentlemen with whom I used to work. I live in a state (Utah) that has very liberal gun laws and a LOT of people who carry concealed firearms. A short 4 hour class with no proficiency testing any adult that is a US Citizen without a felony can carry a concealed weapon in Utah. This is a scary proposition to many (including me). The men were talking with full confidence about how they feel more safe with their guns. They referenced a few situations in which some woman had been assaulted and stated with full confidence that if the women had been armed, the assault would not have occurred. I explained to them that it is more important to have situational awareness than it is to have a weapon. (more…)
Security 101: “You don’t have to out run a bear…just your friends” February 22, 2012
Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management, weapons and tactics.Tags: armed security, arms race, Chris Mark, cybersecurity, InfoSec, Piracy & Maritime Security, risk, risk management, security
add a comment
Yesterday MSNBC had a story that discussed the “arms race” between Somali pirates and shipping companies. The article discussed the increasing violence of the pirates. While this should come as no surprise to anyone, it is a single statement that caught my attention. “Greater use of private armed security guards on ships and a much tougher approach by international navies is beginning to work, some… say. (more…)
“Trust but Verify”- Insider Threats & Intellectual Property Theft February 20, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, corporate espionage, cybersecurity, InfoSec, insider theft, IP Theft, markconsultinggroup.com, operational security, security
add a comment
According to the US Government, intellectual property theft costs the US approximately $250 billion per year. Unfortunately, a large and growing percentage of this theft is due to insiders. The human element of data security is a topic that I have written on numerous times. This article follows one I wrote in August, 2011 titled: Security 101: The Human Element.
I have worked with a number of large (and small) organizations that were very focused on risk management and information security. It is always disheartening when you find that the companies focus solely upon external threats and ignore one of the largest threats to their intellectual property; their own employees. Humans are social creatures. We make friends and we want to be trusted. We also believe in our fellow person. Nobody likes to feel like they are not trusted and consequently, few like to make others feel like they are not trusted. Unfortunately, where data security and the protection of intellectual property is concerned, companies are well advised to adhere to the old adage: “Trust but Verify”.
With increased responsibility often comes increased authority and increased access to sensitive systems, and information. Companies often make the mistake of believing that with increased responsibility comes a decrease in the need to monitor activity. (more…)
Global Security, Privacy, & Risk Management 