Re: Educational Security Incidents Year in Reivew 2009 available

["SCHALIP, MICHAEL" <mschalip () CNM EDU>]

I've always found surveys like these to be interesting.  Since they tend to rely on "self-reporting" for information 
regarding breaches and incidents - there are a lot of entities (both public and private) that may report to the 
authorities what they need to report (in order to follow a mandate of some sort), but when it comes to responding to 
surveys or studies like this - they have a tendency to either under report or not report anything at all.  This kind of 
non-reaction is understandable in most cases - the last thing that any of us wants is to wind up on a local newspaper 
headline about some sort of cybersecurity breach......

This isn't to minimize the report or the data contained therein.....we appreciate the information and the insights.....

Thanks,

M


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis 
Meharchand
Sent: Thursday, June 03, 2010 7:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Educational Security Incidents Year in Reivew 2009 available

Not surprising that the numbers reported are down given that current methods of detecting breaches may be quite 
ineffective.
In the GHOSTNET case Anti-Malware Software was only able to detect 11 of 100 attack vectors 400 days after the breaches 
occured.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
www.valtx.com

-----Original message-----
From: Adam Dodge addodge () EIU EDU
Date: Wed,  2 Jun 2010 09:24:49 -0400
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Educational Security Incidents Year in Reivew 2009 available

> Good Morning Everyone: 
>
> I just wanted to make a quick announcement that Educational Security 
> Incidents is back and a new Year in Review for 2009 is available at 
> http://www.adamdodge.com/esi/yir_2009
>
> From the summary: 
> The information security incidents reported by institutions of higher education throughout 2009 were down 
> significantly in both the number of incidents and the amount of information exposed. This downward trend in higher 
> education incidents follows a broader downward trend in breaches across all industry sectors in 2009 . As such, 2009 
> saw fewer institutions reporting a smaller number of breaches. During 2009, institutions of higher education showed 
> no Loss-type incidents, a significant change over the past three years. In addition, only one incident reported in 
> the news affected multiple institutions, a substantially smaller number than 2008. In fact, many of the numbers in 
> the Year in Review 2009 are close to those reported in 2006. However, the large number of institutions involved in 
> this one multi-institution incident once against caused the number of institutions suffering from a breach to be 
> greater than then number of breaches reported. 
>
>
> We have also added over 30 incidents from 2010 to bring the site up-to-date with reported breaches. 
>
> Thanks,
> Adam
>
> --
> Adam Dodge, CISSP, MSIA
> Information Technology Security Officer Eastern Illinois University
> 217-581-1942
> addodge () eiu edu

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.