Educause Security Discussion mailing list archives

Re: Educational Security Incidents Year in Reivew 2009 available

From: Dennis Meharchand <Dennis () VALTX COM>
Date: Thu, 3 Jun 2010 08:30:24 -0500

Not surprising that the numbers reported are down given that current methods of detecting breaches may be quite 
ineffective.
In the GHOSTNET case Anti-Malware Software was only able to detect 11 of 100 attack vectors 400 days after the breaches 
occured.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
www.valtx.com

-----Original message-----
From: Adam Dodge addodge () EIU EDU
Date: Wed,  2 Jun 2010 09:24:49 -0400
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Educational Security Incidents Year in Reivew 2009 available

Good Morning Everyone:

I just wanted to make a quick announcement that Educational Security Incidents is back and a new Year in Review for 
2009 is available at http://www.adamdodge.com/esi/yir_2009

From the summary:
The information security incidents reported by institutions of higher education throughout 2009 were down 
significantly in both the number of incidents and the amount of information exposed. This downward trend in higher 
education incidents follows a broader downward trend in breaches across all industry sectors in 2009 . As such, 2009 
saw fewer institutions reporting a smaller number of breaches. During 2009, institutions of higher education showed 
no Loss-type incidents, a significant change over the past three years. In addition, only one incident reported in 
the news affected multiple institutions, a substantially smaller number than 2008. In fact, many of the numbers in 
the Year in Review 2009 are close to those reported in 2006. However, the large number of institutions involved in 
this one multi-institution incident once against caused the number of institutions suffering from a breach to be 
greater than then number of breaches reported.


We have also added over 30 incidents from 2010 to bring the site up-to-date with reported breaches.

Thanks,
Adam

--
Adam Dodge, CISSP, MSIA
Information Technology Security Officer
Eastern Illinois University
217-581-1942
addodge () eiu edu

Current thread:

Educational Security Incidents Year in Reivew 2009 available Adam Dodge (Jun 02)
- <Possible follow-ups>
- Re: Educational Security Incidents Year in Reivew 2009 available Dennis Meharchand (Jun 03)
- Re: Educational Security Incidents Year in Reivew 2009 available SCHALIP, MICHAEL (Jun 03)