
Security, Risk, and Bayes…oh my! January 6, 2017

Posted by Chris Mark in Uncategorized.

(This is an excerpt of some research I conducted for a paper.)

According to Dr. Giovanni Manunta, the term security does not yet have a commonly accepted definition and evokes numerous connotations among practitioners. Although often not well defined, the relationship between security and risk is well accepted among business, government, and security professionals (Department of Homeland Security, 2008). While providing fodder for debate to those tasked with the security of information assets, the ambiguous definition of security and the differences in risk analysis techniques create significant challenges to effectively protecting assets.

The practical relationship between security, risk, and decision making is articulated well by the US Department of Homeland Security, which describes risk analysis as an approach for making security decisions (DHS, 2008). This is further established in the NIST 800-37 Risk Management Framework:

“…For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…” (NIST, 2010, p. 3) (emphasis added)

Chris Mark in “Using Security Metrics” Book June 9, 2016

Posted by Chris Mark in cybersecurity, Uncategorized.

A number of months ago I was interviewed regarding my opinion on the effectiveness of security metrics. I was notified today that the eBook has been published. Titled “Using Security Metrics”, the book includes 33 authors and, according to the publisher:

“We asked 33 security experts how they communicate security program effectiveness to business executives and the Board.

They share their recommendations and best practices in this ebook. If you’re a security professional, you’ll find their insights indispensable for helping you better communicate with business executives and Board members who often do not speak the security language. Download this ebook to learn about:

  • Security Metrics That Tell a Story to the Board
  • Security Metrics That Help Boards Assess Risk
  • Security Metrics for Threat Management
  • Security Metrics that Drive Action in the Financial Services Industry”

My contribution can be found starting on page 39. You can download the eBook here.

Chris Mark to speak at 2016 ISF Texas April 10, 2016

Posted by Chris Mark in Uncategorized.

This week (10:30 am, April 14, 2016) I will be in the awesome city of Austin, TX speaking at the 2016 Information Security Forum. The ISF is: “…a free educational conference aimed at public sector Information Security Officers, Information Resources Managers, and IT staff throughout the State of Texas. The conference is hosted by the Texas Department of Information Resources (DIR) and will be managed by the Office of the Chief Information Security Officer (OCISO).” The title of my presentation will be “Hackers, Slackers, and Thieves, understanding your adversary.” If you are in Austin, please consider attending!

Chris speaking at the 2015 AT&T Security Conference: “Mobile Retail Security” September 3, 2015

Posted by Chris Mark in Uncategorized.

I have been invited to co-present on Mobile Retail Security at the 17th Annual AT&T Cyber Security Conference. The conference is October 5th and 6th in Manhattan and will feature some amazing speakers including AT&T’s own CSO Dr. Ed Amoroso, Palo Alto’s CSO Rick Howard and “Dr. Chaos” Aamir Lakani to name but a few. If you are going to be in NYC on Oct 5th and/or 6th and want to attend, registration is FREE! Check it out!

Chris Mark Speaking at 2014 AT&T CyberSecurity Conference August 25, 2014

Posted by Chris Mark in Uncategorized.

At 10 am on September 3rd, 2014 Chris (that is me) will be speaking at the 16th annual AT&T CyberSecurity Conference in New York City. My particular discussion will be on the Human Element of Security. From providing armed force protection in Mogadishu to unarmed security in a psychiatric ward through information security and anti-piracy work in the Gulf of Aden, I have learned that the underpinnings of security transcend all security domains. My presentation will hit on the concepts of rationality, Knightian uncertainty, parallax, proximate reality, change blindness, deterrence, and threat adaptation to provide tools CSOs can use to make more informed decisions about security.
