BreachExchange mailing list archives
Re: security breaches as a result of email
From: Dennis Opacki <DOpacki () Covestic com>
Date: Wed, 11 Oct 2006 11:51:18 -0700
I believe that what we are talking about here is "root cause analysis". Unfortunately, getting to the root cause of the event often requires a degree of sophistication and communication uncommon in companies experiencing data breaches. I usually send people interested in this sort of analysis to Rooney and Vanden Huevel's write-up[1]. While focused on quality control, it gives some good direction on causal factor charting and root cause identification. I have had luck in the past adapting it to computer security applications. -Dennis[1] http://www.asq.org/pub/qualityprogress/past/0704/qp0704rooney.pdf
From: B.K. DeLong Sent: Wed 10/11/2006 11:02 AM To: Al Mac Cc: dataloss () attrition org Subject: Re: [Dataloss] security breaches as a result of emailOn 10/11/06, Al Mac <macwheel99 () sigecom net> wrote: The data base has coding http://attrition.org/dataloss/dldoskey.html as to
nature of breach that could narrow you down to this kind of relevance, butthis is something that continues to evolve, and be improved upon by feedback here. I do not see in the chart a coding for the nature of the
breach: * laptop gone missing * dumpster diving * hacker broke in * data managers must have been computer illiterates* data managers must have been privacy illiterates * e-mail stupidity
* etc. so if you do a search of the raw data, looking for "e-mail" you going to get a lot of hits that what was breached was person's e-mail addressYou make a good point - this is definitely something else we should be tracking in the DLDOS.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 136 million compromised records in 416 incidents over 6 years.
Current thread:
- security breaches as a result of email grexpectations (Oct 11)
- Message not available
- Re: security breaches as a result of email Al Mac (Oct 11)
- Re: security breaches as a result of email B.K. DeLong (Oct 11)
- Re: security breaches as a result of email Dennis Opacki (Oct 11)
- Re: security breaches as a result of email Al Mac (Oct 11)
- Message not available