Educause Security Discussion mailing list archives
Re: Educational Security Incidents Year in Reivew 2009 available
From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Thu, 3 Jun 2010 08:42:32 -0600
I've always found surveys like these to be interesting. Since they tend to rely on "self-reporting" for information regarding breaches and incidents - there are a lot of entities (both public and private) that may report to the authorities what they need to report (in order to follow a mandate of some sort), but when it comes to responding to surveys or studies like this - they have a tendency to either under report or not report anything at all. This kind of non-reaction is understandable in most cases - the last thing that any of us wants is to wind up on a local newspaper headline about some sort of cybersecurity breach...... This isn't to minimize the report or the data contained therein.....we appreciate the information and the insights..... Thanks, M -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis Meharchand Sent: Thursday, June 03, 2010 7:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Educational Security Incidents Year in Reivew 2009 available Not surprising that the numbers reported are down given that current methods of detecting breaches may be quite ineffective. In the GHOSTNET case Anti-Malware Software was only able to detect 11 of 100 attack vectors 400 days after the breaches occured. Dennis Meharchand CEO, Valt.X Technologies Inc. www.valtx.com -----Original message----- From: Adam Dodge addodge () EIU EDU Date: Wed, 2 Jun 2010 09:24:49 -0400 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Educational Security Incidents Year in Reivew 2009 available
Good Morning Everyone: I just wanted to make a quick announcement that Educational Security Incidents is back and a new Year in Review for 2009 is available at http://www.adamdodge.com/esi/yir_2009 From the summary: The information security incidents reported by institutions of higher education throughout 2009 were down significantly in both the number of incidents and the amount of information exposed. This downward trend in higher education incidents follows a broader downward trend in breaches across all industry sectors in 2009 . As such, 2009 saw fewer institutions reporting a smaller number of breaches. During 2009, institutions of higher education showed no Loss-type incidents, a significant change over the past three years. In addition, only one incident reported in the news affected multiple institutions, a substantially smaller number than 2008. In fact, many of the numbers in the Year in Review 2009 are close to those reported in 2006. However, the large number of institutions involved in this one multi-institution incident once against caused the number of institutions suffering from a breach to be greater than then number of breaches reported. We have also added over 30 incidents from 2010 to bring the site up-to-date with reported breaches. Thanks, Adam -- Adam Dodge, CISSP, MSIA Information Technology Security Officer Eastern Illinois University 217-581-1942 addodge () eiu edu
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Educational Security Incidents Year in Reivew 2009 available Adam Dodge (Jun 02)
- <Possible follow-ups>
- Re: Educational Security Incidents Year in Reivew 2009 available Dennis Meharchand (Jun 03)
- Re: Educational Security Incidents Year in Reivew 2009 available SCHALIP, MICHAEL (Jun 03)