I am back ;) “The Markerian Heptad and Understanding Attacker Motivations” February 24, 2020
Posted by Chris Mark in cybersecurity.Tags: AT&T, attacks, Chris Mark, cyber, cybersecurity, data breach, hacking, InfoSec, motivations, security
add a comment
It has been a bit of time since I have posted. I am back with a blog post I wrote for AT&T CyberSecurity Blog. Titled, “Understanding CyberAttacker Motivations” It discusses what I call the “Markerian Heptad” (Yes..I named it after myself 🙂 and describes the 7 basic motivations that underpin why an attacker would target a particular person, company, organization, etc.
“Implementing a risk based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks. This article will discuss the Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers.
Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on the rational choice theory, which posits that humans are rational and will take actions that are in their own best interests. Each decision a person makes is based upon an internal value calculus that weighs the cost versus the benefits of an action. By altering the cost-to-benefit ratios of the decisions, decisions, and therefore behavior can be changed accordingly.
It should be noted at this point that ‘rationality’ relies upon a personal calculus of costs and benefits. When speaking about the rational actor model or deterrence, it is critical to understand that ‘rational’ behavior is that which advances the individual’s interests and, as such, behavior may vary among people, groups and situations.”..READ MORE HERE!
Thank You for 1,000,000 Views! January 26, 2016
Posted by Chris Mark in Uncategorized.Tags: 1 million views, Chris Mark, InfoSec, PCI DSS, security
1 comment so far
I was just notified that the GlobalRiskInfo blog just had it’s 1 millionth view with over 850,000 visitors! I want to give a big “Thank You!” to everyone that has taken the time to read my inane drivel and for those who take the time to comment! This is simply a labor of love and I am grateful for the support. This started 4 years ago and I have published 404 blog posts. While some have been big hits others have not. Regardless..thank you!
Dupont’s Titanium Oxide Color Recipe- Stolen for Chinese Advantage July 22, 2015
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, corporate espionage, cyberespionage, cybersecurity, Dupont, InfoSec, mark consulting group, San Francisco Chronicle, security
add a comment
Oddly (to me anyhow) this is the 2nd most popular post on my blog! It was written over 3 years ago but since it gets so much traffic I thought I should re-post. Here it is in 2015!
Many mistakenly believe that only “high tech” secrets and intellectual property are targets for intellectual property theft. In a clear example of how any propriety secret can be considered a target, a scientist (Tse Chao) who worked for Dupont from 1966-2002 (36 years!) pleaded guilty in Federal court on Thursday to committing espionage for a company controlled by the Chinese government. Mr. Chao testified that he provided confidential information to Chines controlled Pangang Group. What did he steal? Among other things, the recipe for Dupont’s Titanium Dioxide. What is TD used in? Titanium Dioxide is the ingredient in many white products that makes the products white. Products such as paint, toothpaste, and Oreo cookie filling! Stealing the ingredients to Oreos shows just how low cyberthieves will go! According to court documents: “DuPont’s chlorine-based process was eagerly sought by China, which used a less efficient and more environmentally harmful production method”
I have worked with a number of large companies who, when asked why they did not protect trade secrets, replied that they did not believe their industry or type of product was of interest. Make no mistake. If your company has a unique process, technology, or product, it IS of interest to many companies. Unfortunately, the US Government has released reports that state that China is sponsoring much of the US and European cyber espionage.
photo from: http://www.titaniumexposed.com
Getting into Information Assurance Careers June 2, 2015
Posted by Chris Mark in Uncategorized.Tags: Chris Mark, CIPP, CISSP, Consulting, cybersecurity, InfoSec, privacy, SANS
1 comment so far
I have had a number of folks email me asking about becoming an InfoSec worker so I am writing this post to (hopefully) help those who are interested. In 2001, I landed in InfoSec by pure luck and I have never looked back. It is an amazing field and a great career path. First..for some marketing. According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year. In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them. In short, it is a very high demand field.
InfoSec? CyberSecurity? Information Assurance? WHAT?
It is even confusing to me sometimes. At a high level I use the term Information Assurance as it encompasses all of the elements of protecting data. This includes data security (protecting data), CyberSecurity (protecting the systems, and infrastructure), Privacy (appropriate use of information) and Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization). While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.
What types of Jobs are Out There? (more…)
Chris Mark in February 2014 SC Magazine “The Need & the Challenge” February 14, 2014
Posted by Chris Mark in Uncategorized.Tags: AT&T, Chris Mark, cybercrime, information security, InfoSec, SCMagazine, security
add a comment
Chris Mark’s (this author) article “The Need and the Challenge” has been published in the February, 2014 edition of Secure Computing Magazine. The article focuses upon the need to define the term ‘security’ and the challenge associated with denoting such a term. Here is an intro “While used every day, the term “security” can be deceptively difficult to define and may contain various meanings to different people in divergent contexts. The industry at large seems to have adopted a stance of “I know it when I see it,” as opposed to objectively defining the concept. Unfortunately, this creates numerous problems for those who have a need to ‘secure’ data, or any other asset.” Continue reading here!
Global Security, Privacy, & Risk Management 