Educause Security Discussion mailing list archives
Re: Educational Security Incidents Year in Review - 2007 is now available
From: John Kristoff <jtk () DEPAUL EDU>
Date: Mon, 11 Feb 2008 08:50:01 -0600
On Mon, 11 Feb 2008 06:57:00 -0600 Adam Dodge <adam () ADAMDODGE COM> wrote:
2007 marked a significant change for information security incidents reported
This could be an interesting resource. It might be useful to examine things such as time between disclosure and when the incident actually happened. Perhaps there are trends year-by-year. You may also want to research various legal requirements on a state-by-state basis and provide that as a resource, at least for the US insitutions. You might also consider taking into account the type of institution and its responsibilities for disclosure since they are not all the same (e.g. public versus private institution reporting requirements). Correlation between statutes, disclosure and incidents could prove enlightening. Your comment: What I (Adam Dodge) discovered was shocking. As far back as the late 1990's, educational institutions have been one of the most compromised industry sectors. Unfortunately, this trend continues today. I (Adam Dodge) hope that by sharing my collected research though ESI this trend will change. "Most compromised" is an interesting comment. A number of others have made similar claims in the past. They often fail to take into account disclosure policies of educational insitutions versus prviate companies. In my experience they also fail miserably at providing an apples to apples comparison. My advice would be to report what you find and try to avoid biasing your results and editorializing your findings. I can give you numbers of security-related issues from a single corporate entity that will blow all eduational institutions out of the water, but its a pointless comparison in my view. There is too much else to factor in. John
Current thread:
- Re: Educational Security Incidents Year in Review - 2007 is now available Melissa (Feb 10)
- <Possible follow-ups>
- Re: Educational Security Incidents Year in Review - 2007 is now available Melissa (Feb 10)
- Educational Security Incidents Year in Review - 2007 is now available Adam Dodge (Feb 11)
- Re: Educational Security Incidents Year in Review - 2007 is now available Halliday,Paul (Feb 11)
- Re: Educational Security Incidents Year in Review - 2007 is now available Eric Case (Feb 11)
- Re: Educational Security Incidents Year in Review - 2007 is now available Adam Dodge (Feb 11)
- Re: Educational Security Incidents Year in Review - 2007 is now available Adam Dodge (Feb 11)
- Re: Educational Security Incidents Year in Review - 2007 is now available John Kristoff (Feb 11)