“Pinky and the Brain” – Chris & Heather Mark’s Articles in Transaction World Magazine June 21, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.Tags: compliance, credit card, cybersecurity, data breach, information security, PCI DSS, privacy, transaction world
add a comment
I heard yesterday from the EIC of Transaction World Magazine that they will be publishing one of my articles in their August 2012 issue. Stay tuned! I have written for TW numerous times over the past 7 years or so and Heather has written for them consistently since about 2005. You can read her current article here and see archives of Heather’s articles at this link. If you are not in the payments industry and want to know about the exciting world of credit card issues, check out TransactionWorld. It has great articles covering everything from compliance, to security, interchange, and more. Here are two links to a couple of my previous TW articles..1) Why Regulation Cannot Prevent CyberCrime and 2) Lessons from the Heartland Breach…clearly in this relationship Heather is the Brain and I am Pinky 😉
Collective Security & the Payment System June 11, 2012
Posted by Heather Mark in Laws and Leglslation, PCI DSS, Politics.Tags: collective security, compliance, Dr. Heather Mark, InfoSec, InfoSec & Privacy, mark consulting group, PCI, PCI DSS, treaty of westfalia
1 comment so far
I recently attended an event focused on payment security and fraud prevention. It was an outstanding event and the presentations and panels were incredibly valuable – not something that I frequently say about payment security events these days. However, one term came up a couple of times that got me thinking. That term was “collective security.” As many of you know, I have a background in public policy and my dissertation was, in fact, on US foreign policy and our strategic interests abroad, so the mention of collective security set off my poli sci radar. But I wondered if collective security was really an appropriate phrase for what we’re doing in the payments industry. To address that question, it is necessary to first define collective security in its traditional sense.
Collective security was first formally introduced by the Peace of Westphalia in 1648, a series of treaties that put an end to a number of wars that had been plaguing Europe. Very simply put, collective security is an arrangement in which all stakeholders agree that their security depends upon the security of each of the other stakeholders. (more…)
“Wowee wow wow!”; The Costs Of CyberSecurity; Part II May 15, 2012
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.Tags: bloomberg, Chris Mark, cybersecurity, data security, InfoSec, mark consulting group, PCI DSS, ponemon
add a comment
In reading the Ponemon/Boomberg report on the costs of cybersecurity, I was shocked to see that companies would need to increase spending 700% to achieve 95% protection. In reading closer, I was even more shocked to see that financial services companies would need to increase spending over 1,270% to achieve 95% protection. Of the 48 financial services firms surveyed the average annual security investment was $22.9 million. To achieve the 95% goal, security investment would need to increase to $292.4 million per year. You can see the results in an interactive chart here.
As stated in my previous post: “CyberSecurity Cold War; Spend Ourselves Into Oblivion”, it is obvious that companies cannot increase security investment 11 fold or even 7 fold. There must be a better answer.
By the way..the “Wowee wow wow” is from Christopher Walken’ character The Continental 😉
“Doing Time Before Being Convicted?” – Analyist Accuses Merchant of PCI Non-Compliance May 11, 2012
Posted by Chris Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.Tags: bankinfosecurity, Chris Mark, cybersecurity, data breach, Gartner, opening ceremony, PCI DSS, security
add a comment
I wrote this in May 2012. Given the current position in the industry if proclaiming victims of cybercrime to be wholly responsible, I thought it appropriate to publish again.
I was reading a an article on BankInfoSecurity.com titled: “Online Retailer Breached”. I am taken aback at the attitude of the quoted analyst. A Gartner analyst took a very bold step of accusing the merchant of “non compliance” then seemingly qualifying his statement by adding: “The attacker was probably able to attack unencrypted card numbers,” he says. “But given the lack of details, it’s hard to say for certain.” (more…)
“Oh the humanity!”- Financial Institution Breached 3 Times in 2 Weeks! April 4, 2012
Posted by Chris Mark in Data Breach, Industry News, Uncategorized.Tags: bank robberies, Chris Mark, data breach, Global Payments, InfoSec, mark consulting group, PCI DSS, risk management
add a comment
STOP THE PRESSES! According to the Patriot Ledger, a financial institution’s security was breached 3 times in 2 weeks and assets were stolen. The media, however, has been quiet on the story. I have not heard a single Gartner or other analyst publicly eviscerate the financial institution for their poor security practices nor has Information Week, CNN, or any other major media outlet opined on the breaches. Why?
The financial institution was a actually a bank branch and the breaches were not data thefts rather they were good old fashioned bank robberies. In 1968, in response to increasingly violent and frequent bank robberies, the US Government passed the Code of Federal Regulations Title 12 part 208.61- Bank Security Procedures. The purpose of the Act is as follows: (more…)
Global Security, Privacy, & Risk Management 