Security, Exploits & Vulnerabilities- Security is Never 100% February 16, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, cybersecurity, DES, Exploits, InfoSec, mark consulting group, markconsultinggroup.com, security, security theory, vulnerabilities
add a comment
In light of the recent disclosures of breaches of major security technologies and vendors, I felt compelled to write this post. One of my favorite subjects to debate (and argue over) is security theory in general, and specifically the topics of vulnerabilities & exploits. They are concepts that are critical in the fields of information security, risk management and other areas of security. In truth, the concepts extend beyond IS but they are very common in the IS World and easier, in my opinion, to discuss in the context of IS. So what are exploits & vulnerabilities and why are they important?
First, we need to understand that there is no “guaranteed security” and security can never be 100% as there are always vulnerabilities which can be exploited. We may not have identified them yet, but they do exist. Given enough time, effort, and the right tools, any security control can be circumvented. Security should be viewed as a function of time and effort. (this will be discussed below) Second it is important to understand that the concepts of exploits and vulnerabilities are inextricably entwined and are mutually dependent. This is where the debate begins so first lets get a working definition of the terms. (more…)
Nortel Network Compromised for a Decade; Chinese Suspected February 14, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.Tags: armed security, Chris Mark, cybersecurity, data breach, InfoSec, InfoSec & Privacy, mark consulting group, markconsultinggroup.com, nortel breach
1 comment so far
According to MSNBC, Nortel’s network was open to hackers since at least 2000. It is suspected that the hackers are Chinese. The data thieves appear to have had nearly “unfettered access” to the network and were able to download: ” “technical papers, research-and-development reports, business plans, employee emails and other documents.” How did they access the network? Simple. (more…)
GlobalRiskInfo.com now on Twitter! February 11, 2012
Posted by Chris Mark in Risk & Risk Management.Tags: Chris Mark, globalriskinfo.com, InfoSec, Maritime Security, mark consulting group, markconsultinggroup.com
add a comment
Now follow GlobalRiskInfo.com on Twitter! 
Why Regulation Cannot Prevent CyberCrime (TransactionWorld) February 6, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.Tags: Chris Mark, cybercrime, cybersecurity, InfoSec, Maritime Security, risk management, security, transaction world
add a comment
As the maritime industry is increasingly focused on protection of data assets, I thought it would be beneficial to include an article on the topic. This article is one I wrote for TransactionWorld in July, 2011. It is titled: “Why Regulation Cannot Prevent CyberCrime” and is a continuation on the discussion of the impact of deterrence on behavior.
“Data security and privacy regulation have increased significantly over the past 10 years. The U.S. now has 46 state breach notification laws and there have been numerous bills introduced in Congress that propose to regulate personally identifiable information and to dictate security of such data. In spite of this increasing regulation, data breaches continue to plague the industry. Some have proposed that more regulation is the answer. Unfortunately, regulation alone is inadequate to prevent data theft and protect data.
At its core, data theft and network intrusions are crimes. At the risk of oversimplifying the work of criminologists, crime prevention can be summarized as using deterrents to affect protection of assets and prevention of theft. Protection applies to the ‘hardening’ of targets by implementing controls that increase the level of difficulty of perpetrating a crime. A vault is a good example of a protective measure. While no vault is completely impenetrable, vaults do provide significant protective value. Data security controls are protective measures. They are designed solely to limit attempts to obtain the target of value. Without a deterrence effect, criminals are free to attack companies at will without fear of retribution. This article will explore the value of deterrence in the prevention of crime.” (read full article here)
Chris Mark Speaking at Combating Piracy Week in Hamburg February 2, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management.Tags: Chris Mark, combating piracy week, cyberpiracy, hanson wade, InfoSec, Maritime Security, Piracy & Maritime Security, risk management, security
add a comment
I will be speaking at the Combating Piracy Week in Hamburg, Germany on the topic of CyberSecurity & CyberEspionage The topic will discuss the topics with a focus on who is trying to steal your data and why. It will also cover the technologies and tactics of how they can steal your corporate data and what the uses of such data. You can get a preview of the topic by reading the Maritime Executive article in which I was interviewed.
If you have not attended one of the Hanson Wade Piracy events, it is worth attending. Hanson Wade’ personnel do a great job of coordinating networking and the speakers are all very professional and very adept. I have had opportunity to speak at nearly 100 events in the past 12 years or so and I would put the Hanson Wade events in the top 5 in terms of value for the money. I highly recommend this event for security companies that want to meet decision makers and speak with the people who influence the industry from a security perspective.
Global Security, Privacy, & Risk Management 