Re: WSJ Article - A Contrarian View on Data Breaches

[Brad Judy <brad.judy () CU EDU>]

There are a wide variety of metrics (key performance indicators) that can be used for either a retail company or higher 
education.  Higher education institution level business KPIs might include:

Number of applicants
Matriculation rate
Student departure rate
Donor giving (total dollars or rates)
Research grant application success rate
Acceptance rate for faculty/staff job offers
Employee departure rate
State funding level (for public institutions)
Passing rate of institution supported legislation
Acceptance rate of research papers/talks

While stock prices are a big deal for publically traded companies, investors are going to be looking at a lot more 
variables, overlapping greatly with the metrics that privately held companies probably watch.  These could include 
everything from profit margins to customer churn rate to conversion rates on advertising.

Brad Judy


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Quentin 
L McCallum
Sent: Tuesday, August 05, 2014 9:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches

The question is how to measure reputation.

I am proffering that stock price for business is a possible measurement. I would suggest that billable hours or student 
count would be measurement in HE.


With regards,
Quentin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben Woelk
Sent: Tuesday, August 05, 2014 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches

We had an employee of TJX attend a attend a security presentation on campus a few years ago. He stated that their 2007 
breach hadn't been more than a blip on the radar for TJX and that sales had remained good. According to 
http://www.boston.com/business/globe/articles/2007/10/25/tjx_timeline/, TJX put the cost of the breach at $256 million. 
There were 45.6M card numbers affected.

Ben Woelk
Member, Awareness and Training Working Group
Higher Education Information Security Council
http://www.educause.edu/heisc

ISO Program Manager
Rochester Institute of Technology
Rochester, New York 14623
585.475.4122
ben.woelk () rit edu<mailto:ben.woelk () rit edu>
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at 
http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645>

Follow us on Twitter: http://twitter.com/RIT_InfoSec




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Quentin 
L McCallum
Sent: Tuesday, August 05, 2014 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches

I recall that Target's stock price took a severe hit. People stopped trusting Target's brick-and-mortar and online 
stores and stopped shopping there.

With regards,
Quentin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Harry 
Hoffman
Sent: Tuesday, August 05, 2014 9:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] WSJ Article - A Contrarian View on Data Breaches

I'd love to see some hard evidence of reputational damage. Folks always point to it as a major concern but I've yet to 
see one organization show anything tangible in regard to damaged reputation.

Cheers,
Harry


On Aug 5, 2014, at 9:06 AM, Peter Lundstedt <peter.lundstedt () drake edu<mailto:peter.lundstedt () drake edu>> wrote:

Curious if anyone read the article in today's Wall Street Journal titled A Contrarian View on Data Breaches.

The interviewees seem to have a viewpoint around what's best for their bottom line and for their shareholders, rather 
than what may be best for the cardholder.  We've never suffered a breach (that we know of) but I can't imagine trying 
to keep it under wraps in hope that our reputation would not suffer.

Interested in others opinions.

Article Link<http://online.wsj.com/articles/a-contrarian-view-on-data-breaches-1407194237?mod=WSJ_hp_LEFTTopStories>

Peter Lundstedt|  Information Security Analyst
Drake Technology Services (DTS) | Drake University