BreachExchange mailing list archives

Re: An amazing use of DLDOS


From: Chris Walsh <cwalsh () cwalsh org>
Date: Wed, 6 Sep 2006 13:50:52 -0500

On Wed, Sep 06, 2006 at 10:24:03AM -0700, George Toft wrote:
> What would also make the database really useful for research is if we
> could categorize the primary (and secondary) causes of the loss.  For
> example:
> pri_cause - laptop theft
> sec_cause - policy violation


Forget about sec_cause :^)

For pri_cause, you often find that it was a compromised web site.  So, that
could mean an application flaw (SQL injection), a misconfigured web server,
poor or no authentication, a braindead firewall, etc.  The same logic 
applies to other compromises.  You get the general "cause", but not what
really happened.  It is frustrating, but sort of interesting.

Sometimes, what happened is perfectly clear:

An auditor left a laptop containing customer data, including SSN, name,
and salary in a locked car in Hoboken NJ.  The car was broken into, and the
laptop stolen.  The laptop was password-protected, but the data were not 
encrypted.

For a large proportion of cases, all you know is what was compromised, but
not *how* (or even, when).

I forgot to mention in my earlier post that for the cases I have "on file", I
also specify whether reporting was mandated by state law, whether such 
reporting occurred, and what form the notice took (mail, email, phone, etc).

The sector (banking, etc) is easily obtained by looking at the NAICS code, 
which is the industrial classification often used by academic researchers in 
the social sciences.



cw

http://www.census.gov/epcd/www/naics.html
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 337 incidents over 6 years.


