BreachExchange mailing list archives
Re: Guide puts a price tag on security breaches
From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Tue, 6 Apr 2010 13:29:30 -0400
FYI, while nicely packaged, I don't see any new information here, esp. regarding costs of breaches (they just cite Ponemon).
-----Original Message-----
From: dataloss-discuss-bounces () datalossdb org [mailto:dataloss-discuss-bounces () datalossdb org] On Behalf Of Jake Kouns
Sent: Sunday, April 04, 2010 8:43 PM
To: dataloss-discuss () datalossdb org; dataloss () datalossdb org
Subject: [Dataloss-discuss] Guide puts a price tag on security breaches

http://www.nextgov.com/nextgov/ng_20100331_6223.php

BY ALIYA STERNSTEIN
03/31/2010

Public and private sector chief financial officers should develop a budget that calculates the gross financial risk a security breach could pose to their organization, according to a new report from a U.S. standards body and a security trade association.

The 76-page guide comes in response to a 60-day White House review last year of the nation's cybersecurity infrastructure that found quantifying the value of protection motivates organizations to address vulnerabilities.

The document -- written by the American National Standards Institute and the Internet Security Alliance, a nonprofit electronic industry group that is affiliated with Carnegie Mellon University -- assigns dollar figures to information losses and advises CFOs on the financial management of cyber risk.

The instructions apply both to federal and corporate CFOs, said Karen Hughes, ANSI's director of homeland security standards.

"The overarching message this document puts forward is that the single biggest threat to cybersecurity is misunderstanding," she said. "CFOs from the public and private sectors alike must look at cybersecurity as an enterprise- [and] agency-wide issue and not just an IT issue, to ultimately reduce vulnerabilities to cyberattacks and their financial implications."

The handbook is based on the premise that companies today, most of which depend on the Internet to survive, have relegated data security to an isolated, and often underfunded, unit.

The publication estimates a data breach of 10,000 records containing personal identification information would cost about $1.6 million, assuming the company carried breach insurance with an 80 percent coverage of direct costs. That sum includes direct expenses for investigations and forensics, consulting services, notification of affected individuals, public relations, legal defense, and credit and identity monitoring -- as well as the indirect cost of lost business.

The handbook cites several analytical models to help chiefs assess costs and benefits.

[..]

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Guide puts a price tag on security breaches Jake Kouns (Apr 05)
- Re: Guide puts a price tag on security breaches Sasha Romanosky (Apr 06)