Random Thoughts On Piracy Summit (I have to talk about guns a little ;) May 1, 2012
Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management. Tags: Anti Piracy, armed security, Chris Mark, combating piracy week, Maritime Security, markconsultinggroup.com, Scout Sniper, security, weapons
In reflecting upon the Piracy Europe event in Hamburg that I attended last week, I was struck by a few things that were said and proposed. The speakers were generally very good although the material is getting a bit old at this point. With piracy at near 2007 levels, security vendors are scrambling to convince shipping companies that they are still needed. Selling on Fear, Uncertainty, and Doubt (FUD) seems to be the new way of business development.
With regard to the security vendors, there appeared to be two distinct perspectives on how to stop pirates. Neither seemed appropriate. One company had a rep get up and show a picture of himself with a Barrett .50 cal SASR (special application scoped rifle) (shown in the pic above with the very skilled, handsome and smart USMC Sniper..yeah, it's me). The intimation was that if you have larger guns, you have more ‘firepower’ and thus better security. This is a very simplistic way of thinking about security and demonstrates one of the challenges of maritime security. Security is not about technology…it is about people, strategies, and tactics. Tools (such as weapons) are useful but only if employed correctly. You can read the whitepaper “weapons and tactics in the prevention of piracy” here. This “goons with guns” approach was not well received and quite frankly, I felt it perpetuated what the attendees think of American security…knuckle-dragging, goons with guns. Blackwater is alive and well in the minds of most of those who attended the event.
UPDATE: “Fast & Furious”; Remember Brian Terry – Killed December 15, 2010 April 27, 2012
Posted by Chris Mark in Industry News. Tags: ATF, BORTAC, Brian Terry, Chris Mark, fast and furious, RememberBrianTerry.com, security, USMC
UPDATE: Fox News is reporting that “House GOP leaders said Friday they are pursuing a plan to hold Attorney General Eric H. Holder Jr. and the Justice Department in contempt for “stonewalling” them over information regarding the administration’s failed Fast and Furious gun-tracking program.”
Brian Terry and I served together in the US Marines in the early 1990’s. He was a good friend, a good Marine and a good person. After the Marines Brian went on to be a police officer and Border Patrol Agent and member of the Border Patrol Tactical Unit (BORTAC). On December 15th, 2010 he was killed by border bandits armed with AK 47s. Brian was armed only with ‘less than lethal’ weapons. The weapons used to kill Agent Terry were later confirmed to be part of the ATF Fast & Furious program in which weapons were allowed by the ATF to be purchased and smuggled into Mexico. This program was endorsed by current Atty General Eric Holder. This is not a political post. Please remember Agent Brian Terry and, if possible, purchase a bumper sticker or t-shirt in remembrance of him. www.RememberBrianTerry.com
Chris Mark Speaking in London- “Hactivists, CyberSpies, & Thieves: Risk & Data Centric Security” April 18, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management. Tags: Chris Mark, CISO Intelligence Forum, cybersecurity, http://ciso-intelligence.com/, InfoSec, mark consulting group, risk management, security
On June 19th, Chris Mark (that is me;) will be hosting a workshop at the CISO Intelligence Forum: Energy in London, England. My particular workshop will be titled: “How to select a security vendor”. Not really..that was a bad joke 😉 (security geeks get it). The 1/2 day workshop will be titled: “Hactivists, CyberSpies, and Data Thieves: A Discussion of Risk & Data Centric Approaches to Security”. You can download the brochure here. While my own workshop is sure to be the most well attended (another bad joke), I do have to give some props to the other speakers. This event has some top shelf talent speaking including speakers from the PCI SSC, Lanco, SOCA, and Northrop Grumman, among others. If you are looking for solid information on data security in the energy segment, this is the place to be.
(UPDATE)-“Interesting” Logic & Analysis – Verizon’s 2012 Data Breach Report April 17, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, terrorism. Tags: anonymous, Chris Mark, CSOonline, cybercrime, hacktivism, InfoSec, mark consulting group, security, Verizon data breach report
2 comments
I received a very insightful comment from one of the Verizon authors and thought it prudent to share. I think this explanation is very helpful for companies looking at infosec controls. Here it is, in part (emphasis added): “You make a valid point about the fact that a determined attacker would simply try again if the first attempt failed. However, our finding that most breaches are avoidable through relatively simple controls doesn’t overlook this as you suggest. Our data show that most criminals aren’t determined to breach a particular victim and likely won’t try again if met with decent resistance. In fact, the extreme opportunistic nature of target selection means they likely won’t even be attacked w certain controls in place because automated probes will skip on down the street after jiggling the door handle a bit.” You can read the full comment in ‘comments’. The entire post is available if you continue reading.



