jump to navigation

Risk 102- Lose “A” Match but Win “THE” Game March 23, 2012

Posted by Chris Mark in Risk & Risk Management, weapons and tactics.
Tags: , , , , , , , ,
add a comment

Risk management is about decisions.  Given certain information, people then make decisions that they hope will minimize the risk of a particular outcome.  This post is about risk and decisions.

Years ago I was a young Marine attending the USMC’s Amphibious Reconnaissance School (ARS).  Upon successfully passing the school I would be conferred with the coveted Military Occupational Specialty (MOS) of 0321- Reconnaissance Marine.  Recon Marines operate in very small teams conducting various reconnaissance missions to provide intelligence to the commander. The last phase of ARS training is known as “patrolling phase”.  This is where all the students put their skills to use and run back to back patrols for a week while begin graded by the instructors.

During one of the final patrols we came upon a road known in military speak as a “linear danger area” and were considering a “two man bump” and other techniques to safely cross the danger area.  After having not slept for the better part of a week my mind was a bit foggy.  I asked the instructor: “SSGT, if we apply these techniques can we be confident that we will cross safely?”  He looked at me and said: “Mark, you can do everything by the book and exactly right and still get your entire team killed.  All you can do is make tactically sound decisions and hope for some luck.”  Certainly without meaning to do so, this Marine Staff Sergeant articulated the idea of risk and risk management as well as any academic. (more…)

France’s PATROIT Act? – “Visit Website; Go to Jail” March 23, 2012

Posted by Chris Mark in Industry News, Laws and Leglslation, terrorism.
Tags: , , , , , , , ,
add a comment

In the aftermath of the murder of 7 people in France by a self-proclaimed Al Qaeda militant, France’s president Nicolas Sarkozy has proposed a sweeping law that would jail those who visit extremist websites.  “Anyone who regularly consults Internet sites which promote terror or hatred or violence will be sentenced to prison,” he told a campaign rally in Strasbourg, in eastern France. “What is possible for pedophiles should be possible for trainee terrorists and their supporters, too” 

The murders of 7 people in Toulouse were horrific.  Among those killed were a Rabbi and several children at a Jewish school.  The murderer, 23 year old Mohamad Merah, was killed by French police after a standoff.  (more…)

“Failed State of Security”- Published by IDGA March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.
Tags: , , , , , , ,
add a comment

The Institute for Defense and Government Advancement (IDGA) has published the whitepaper “Failed State of Security”; A Rational Analysis of Deterrence Theory & Its Effect on Cybercrime. Check it out!

Abstract  “In reviewing the literature on criminology and information security it appears that, while they share many common themes, there is a disconnect between the criminological theory and its application in information security.  Information security, as a field, is focused on the protection of information assets.  Criminology is focused on the prevention of criminal behavior.  As most information security practitioners will likely attest, there is little overlap between the two fields and there has been little research or focus on the use of crime theories on the prevention of cybercrimes.   This paper attempts to bridge the gap between the fields and highlight the deficiencies in the current approach of compelling victims to prevent cybercrime as opposed to deterring the criminals from committing cybercrimes.” 

“Warren & Brandeis Cringe”- Identification through Typing March 21, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation.
Tags: , , , , , , , ,
add a comment

Several years ago a few researchers demonstrated that the way in which people type is unique enough to be used to identify that person with a high degree of confidence.  It is not simply speed but includes cadence, time between particular keystrokes and other aspects.  This week DARPA announced that they are working to make the solution a reality.   Due to the uniqueness of a person’s typing DARPA says: “mimicking keystroke dynamics is physiologically improbable,” This means that it would increase the challenge of masquerading as another person.  I mark this up as “good in theory and terrifying in practice”.  In a talk last year a DARPA representative explained the process as such: “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.”  This is precisely where the issue comes to life. (more…)

Social Media – Dangerously Anonymous & Plausibly Deniable March 19, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.
Tags: , , , , , ,
add a comment

Today on Foxnews was a story about a person who claimed to be an occupy Wall Street protester who tweated a threat to kill a police officer.  A user with the name “Smackema1” tweeted: “We won’t make a difference if we don’t kill a cop or 2,”  What is interesting about this is that the person had never attended any Occupy protests and was actually in Florida when he sent the tweet.  The author, who police are trying to identify, clarified his remarks to a Florida newspaper when he said: “It’s not like I meant anything of it. Who takes anything like that seriously? I’m in Florida, what am I going to do?”   (more…)