Educause Security Discussion mailing list archives
Re: Security Incidents due to user error
From: "Dodge, Adam" <Adam.Dodge () SUNY EDU>
Date: Tue, 30 Jan 2007 12:15:26 -0500
Based on my personal research (available at http://www.adamdodge.com/esi), out of the 83 reported security incidents last year 26 were caused by theft, 3 were caused by loss and 20 by unauthorized disclosure. 33 incidents were caused by computer and/or network penetration and 1 was an impersonation. This gives us roughly 71% caused by employee/human error, if you want to consider things such as loss, theft and unauthorized disclosure as human error. However, actual numbers of records reflected gives a different percentage. The 83 incidents exposed roughly 2,683,059 records (including 14 incidents affected an unknown number). Computer/network penetration accounted for roughly 82% (2,209,237 records) of the exposure. I am working on a report that will hopefully be available sometime in Feb with this information and more. Adam -----Original Message----- From: Anthony Maszeroski [mailto:maszeroskia3 () SCRANTON EDU] Sent: Tuesday, January 30, 2007 11:36 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Security Incidents due to user error I'm looking for a figure for the approximate percentage of security incidents attributed to user/human error. I know I've read some statistics before, but I can't seem to locate them now. Does anyone have a pointer to this information? -- - Anthony Maszeroski ----------------------------------- Network Security Specialist The University of Scranton email : maszeroskia3 () scranton edu phone : 570-941-4226 -----------------------------------
Current thread:
- Security Incidents due to user error Anthony Maszeroski (Jan 30)
- <Possible follow-ups>
- Re: Security Incidents due to user error Penn, Blake (Jan 30)
- Re: Security Incidents due to user error Dodge, Adam (Jan 30)
- Re: Security Incidents due to user error Gary Flynn (Jan 30)
- Re: Security Incidents due to user error Melissa Guenther (Jan 30)