Chris Mark’s Article in “The Counter Terrorist Magazine” January 28, 2013
Posted by Chris Mark in cyberespionage, cybersecurity.Tags: china, Chris Mark, cyber espionage, cybersecurity, Duqu, Flame, security, The Counter Terrorist, Unlimted warfare
add a comment
I received my copy of February/March 2013 International edition of The Counter Terrorist Magazine and imagine my surprise when I am the cover article! I have written for a number of publications but I have to say my favorite is The Counter Terrorist. It is a great periodical for anyone interested in World affairs, Terrorism, and Counter Terrorism. My article is titled “World Cyber War”. In the article I talk about the differences in the perspectives of war between the East and the West, as well as provide examples of how cyber operations have already been used to further national interests. China is highlighted for their interpretations of war and warfare in “Unlimited War”, as well as Russia, and a few others. Overall, I think it is one of my better articles. To read The Counter Terrorist, you must subscribe either online or in print. Check out…The Counter Terrorist Magazine.
New Role – AT&T Consulting PCI Practice Lead! January 4, 2013
Posted by Chris Mark in Uncategorized.Tags: AT&T, Chris Mark, Consulting, credit card, PCI DSS, QSA, security
add a comment
I am proud to announce that as of January 3, 2013 I have accepted and started a new position with AT&T Consulting. I am the new PCI Practice Lead directing the PCI DSS auditing and consulting efforts within AT&T. I am excited to work with the most experienced, professional PCI DSS experts and QSAs in the industry. I have had frequent opportunity to interact with the AT&T PCI team over the years and have been consistently impressed with their technical expertise and professionalism. Their industry leading services are testament to the quality of the team and the leadership that preceded me in this role. Please feel free to contact me if you have any PCI DSS needs!
Chris Mark in Jan 2013 TransactionWorld: “Only Certainies are Death, Taxes, and PCI DSS.” January 2, 2013
Posted by Chris Mark in Uncategorized.Tags: Chris Mark, data breach, Heather Mark, InfoSec, mastercard, PCI DSS, security, transactionworld, TSYS, visa
add a comment
Chris Mark (this guy with two thumbs) is in the January 2013 edition of TransactionWorld Magazine. You can read my article titled: “In 2013 the only certainties are Death, Taxes, and the PCI DSS” in which I opine about the need for PCI DSS and other security standards as we enter 2013. The bio on the article is not accurate and still references an old position I had at ProPay. That being said, ProPay is a great company for which I was fortunate and proud to have worked, a company at which my illustrious wife, Dr. Heather Mark still works, and a company who deserve a big Congrats for being acquired by TSYS!..all in all…no harm, no foul.
Offensive Cyber Attacks – A Dangerous Proposition December 8, 2012
Posted by Chris Mark in Uncategorized.Tags: Chris Mark, cyber attaks, cybercrime, cybersecurity, deterrence, failed state of security, homeland security, jim cilluffo, mark consulting group, security
add a comment
Let me preface this by saying I have been outspoken about passive cyber defensive strategies and their failure. You can read my paper: “Failed State of Security” to learn more. On that note, Foxnews had a story today that had me scratching my head. The recommendations were pedestrian at best, and dangerous in the most severe cases. In short the article suggests that companies should take a more ‘offensive approach’ to preventing cyber attacks. Some of the recommendations include:
“Misinformation campaigns” such as planting fake documents and data for criminals to steal. As stated in the article: “One such strategy involves creating a disinformation campaign by distributing fake documents throughout a company’s own network to confuse and potentially misguide potential adversaries.” Companies today have a difficult time managing their own ‘real’ documents. This approach is inefficient, and bound to cause confusion among employees. How do you differentiate between the “real” and the “fake” internally?
Jim Cilluffo, Director of George Washington Universitie’s Homeland Security Policy Institute stated in front of Congress: “We should provide opportunities and responsibilities to the private sector to hack back,” REALLY? Vigilante justice is being proposed by a Director of a major universities’ homeland security institute? We are going to trust commercial entities to use the authority to ‘hack back’ judiciously? What about when they hack into a competitor and claim they were being hacked? What if a company hacks into a personal computer and the person decides to exact revenge on their employees for the act by escalating the issue to violence? Many of these ‘cyber criminals’ are associated with organized crime. These are not the types of groups you generally want to attack. This ‘mall cop’ mentality has not place in corporate America.
More disturbingly is the correlation between vigilante justice and bank robberies. “If someone were to rob a bank today, doesn’t the bank have a responsibility to protect its customers and employees from someone armed? They don’t simply wait until someone shoots innocent victims,” said Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute. The difference is stark. A person walking into a bank with a weapon is a ‘clear and present danger’ to people’s safety. A company being hacked may e angry, offended, insulted, etc. but the hacker is endangering a person’s safety in the same way a person with a gun would be.
While an executive order from the White House could be forthcoming, Cilluffo said legislation from Congress would be far more helpful and could even indemnify companies from lawsuits.
“We need to have these conversations because the current approach is doomed for failure. We’re losing too much,” said Cilluffo.
Security Survey December 3, 2012
Posted by Chris Mark in Uncategorized.Tags: CISSP, risk management, security, security survey
add a comment
I am completing a project for an research brief and would appreciate if any security professionals (or former security professionals) could take 5 minutes to answer the survey. NO personal information is collected. Thank you in advance for your help!
Global Security, Privacy, & Risk Management 