Educause Security Discussion mailing list archives

Re: Security Incidents due to user error


From: "Dodge, Adam" <Adam.Dodge () SUNY EDU>
Date: Tue, 30 Jan 2007 12:15:26 -0500

Based on my personal research (available at
http://www.adamdodge.com/esi), out of the 83 reported security incidents
last year 26 were caused by theft, 3 were caused by loss and 20 by
unauthorized disclosure. 33 incidents were caused by computer and/or
network penetration and 1 was an impersonation. This gives us roughly
71% caused by employee/human error, if you want to consider things such
as loss, theft and unauthorized disclosure as human error.

However, actual numbers of records reflected gives a different
percentage. The 83 incidents exposed roughly 2,683,059 records
(including 14 incidents that affected an unknown number). Computer/network
penetration accounted for roughly 82% (2,209,237 records) of the
exposure.

I am working on a report that will hopefully be available sometime in
Feb with this information and more.

Adam

-----Original Message-----
From: Anthony Maszeroski [mailto:maszeroskia3 () SCRANTON EDU] 
Sent: Tuesday, January 30, 2007 11:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Incidents due to user error


I'm looking for a figure for the approximate percentage of security
incidents attributed to user/human error. I know I've read some
statistics before, but I can't seem to locate them now. Does anyone have
a pointer to this information?

-- 
- Anthony Maszeroski
-----------------------------------
Network Security Specialist
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------
