BreachExchange mailing list archives
Re: Incident Highlight - Total affected... who's counting?
From: Al Mac Wheel <macwheel99 () wowway com>
Date: Sat, 23 Aug 2008 11:42:03 -0500
A statistic I would like to see from the researchers, who use DataLoss and other data, is the risk of a breach, by public & private sector, based on past performance. In the geographiies where disclosure mandated, there are so many thousand schools, of which so many scores have reported incidents. How many none reported? How many one? How many multiple? Thus, this has happened at what % of total schools? And what % of total schools have repeat incidents? Break that down by universities and secondary schools. I'd guess most secondary schools incidents not yet making the national news. Is it a reasonable expectation that it does not matter what university you attend, or apply to, or are an alumni of, you are going to be breached by that university? Now do the same kind of analysis for other kinds of industriies. The GAO has published statistics on # incidents by government agency, without divulging nature of breaches ... how does that compare to total government offices and computers? What % of government is experiencing breaches? I'd guess maybe 75%. , lyger wrote:
http://datalossdb.org 2008-08-23 by Lyger http://datalossdb.org/incidents/1127 There has been some discussion about the recent loss of a "memory stick" with the personal details of inmates in Great Britain. As the story above shows, it appears that about 84,000 prisoners may have been affected by this breach... or is that 94,000? Or... is that 130,000? Who knows... as bad as the British government apparently is about keeping anyone's (even prisoners) personal information safe, the media is apparently equally as bad about doing that "numbers thing". For now, DataLossDB has this particular breach listed as 94,000 total records affected until more conclusive (coherent?) data has been obtained, but at least one question should be asked: does the total number of people affected in ANY data breach really matter? It seems that breaches with a large number of people and/or records affected get more media attention, especially when a lot of zeros and commas are in the headline, but is that really any indication of the magnitude of the real problem at hand? [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Incident Highlight - Total affected... who's counting? lyger (Aug 23)
- Re: Incident Highlight - Total affected... who's counting? Al Mac Wheel (Aug 23)