BreachExchange mailing list archives

Re: Incident Highlight - Total affected... who's counting?


From: Al Mac Wheel <macwheel99 () wowway com>
Date: Sat, 23 Aug 2008 11:42:03 -0500

A statistic I would like to see from the researchers, who use DataLoss and 
other data, is the risk of a breach, by public & private sector, based on 
past performance.

In the geographies where disclosure is mandated, there are so many thousand 
schools, of which so many scores have reported incidents.
How many none reported?
How many one?
How many multiple?

Thus, this has happened at what % of total schools?
And what % of total schools have repeat incidents?
Break that down by universities and secondary schools.
I'd guess most secondary school incidents are not yet making the national news.

Is it a reasonable expectation that it does not matter what university you 
attend, or apply to, or are an alumni of, you are going to be breached by 
that university?

Now do the same kind of analysis for other kinds of industries.

The GAO has published statistics on # incidents by government agency, 
without divulging nature of breaches ... how does that compare to total 
government offices and computers?  What % of government is experiencing 
breaches?  I'd guess maybe 75%.

lyger wrote:

http://datalossdb.org

2008-08-23 by Lyger

http://datalossdb.org/incidents/1127

There has been some discussion about the recent loss of a "memory stick"
with the personal details of inmates in Great Britain. As the story above
shows, it appears that about 84,000 prisoners may have been affected by
this breach... or is that 94,000? Or... is that 130,000? Who knows... as
bad as the British government apparently is about keeping anyone's (even
prisoners) personal information safe, the media is apparently equally as
bad about doing that "numbers thing".

For now, DataLossDB has this particular breach listed as 94,000 total
records affected until more conclusive (coherent?) data has been obtained,
but at least one question should be asked: does the total number of people
affected in ANY data breach really matter? It seems that breaches with a
large number of people and/or records affected get more media attention,
especially when a lot of zeros and commas are in the headline, but is that
really any indication of the magnitude of the real problem at hand?

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

