BreachExchange mailing list archives
Data breaches still lognormal
From: Luther Martin <martin () voltage com>
Date: Thu, 17 Dec 2009 18:12:56 -0800
Earlier this year, I wrote some stuff (like this, for example http://www.csoonline.com/article/501584/Data_Breaches_Patterns_and_Their_Implications?page=1) that mentioned how the size of data breaches seems to follow a lognormal distribution - the size of breaches doesn't fit a normal or bell curve, but the logarithm of the size of breaches does.

This year isn't over yet, but the last time I looked at this year's data, the same thing still held. The past three years had a mean of about 3.5 and a standard deviation of about 1.2. So far this year it looks about the same, with a mean of about 3.3 and a standard deviation of about 1.2. The lognormal model seems to fit the data fairly well, so the predictions that it makes about things like what fraction of breaches will expose 1 million or more records, etc., are fairly accurate.

I'll do a more careful analysis next year, after more data from 2009 is available. Analysis like this wouldn't be possible without the excellent work that the OSF people are doing, of course.
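The model described in the message above, worked through as an added example that is not part of the original post. It assumes the quoted mean and standard deviation are of the base-10 logarithm of records exposed (the message does not state the base); the function names and the synthetic sample are constructed for illustration.

```python
import math
import random
from statistics import NormalDist, mean, stdev

# Assumption: the quoted parameters describe log10(records exposed).

def fit_log10(sizes):
    """Estimate the mean and standard deviation of log10(breach size)."""
    logs = [math.log10(s) for s in sizes if s > 0]
    return mean(logs), stdev(logs)

def fraction_at_least(mu, sigma, records):
    """Model fraction of breaches exposing at least `records` records."""
    return 1.0 - NormalDist(mu, sigma).cdf(math.log10(records))

def size_at_quantile(mu, sigma, p):
    """Breach size below which a fraction p of breaches fall."""
    return 10 ** NormalDist(mu, sigma).inv_cdf(p)

def synthetic_sizes(n, mu, sigma, seed=2009):
    """Constructed sample drawn from the model, NOT real breach records."""
    rng = random.Random(seed)
    return [max(1, round(10 ** rng.gauss(mu, sigma))) for _ in range(n)]

if __name__ == "__main__":
    # Parameters quoted in the message.
    for label, mu, sigma in [("past three years", 3.5, 1.2),
                             ("2009 so far", 3.3, 1.2)]:
        print(f"{label}: median ~{size_at_quantile(mu, sigma, 0.5):,.0f} records, "
              f"P(>= 1M records) = {fraction_at_least(mu, sigma, 1_000_000):.2%}, "
              f"95th percentile ~{size_at_quantile(mu, sigma, 0.95):,.0f} records")

    # Fit the model to a sample and compare its tail prediction with the
    # fraction actually observed in that sample.
    sizes = synthetic_sizes(5000, 3.5, 1.2)
    mu_hat, sigma_hat = fit_log10(sizes)
    observed = sum(s >= 1_000_000 for s in sizes) / len(sizes)
    predicted = fraction_at_least(mu_hat, sigma_hat, 1_000_000)
    print(f"fitted mu={mu_hat:.2f} sigma={sigma_hat:.2f}; "
          f"observed tail {observed:.2%} vs model {predicted:.2%}")
```

To apply this to real incident data, pass the list of per-incident record counts to `fit_log10` in place of the synthetic sample.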