BreachExchange mailing list archives
Re: An amazing use of DLDOS
From: George Toft <george () myitaz com>
Date: Wed, 06 Sep 2006 10:24:03 -0700
What would also make the database really useful for research is if we could categorize the primary (and secondary) causes of the loss. For example: pri_cause - laptop theft sec_cause - policy violation What is important to me as I make presentations are the percentages of dataloss relating to stolen laptops or burglaries. Institutions involved come up as well. Nice to have would be the category of businesses affected (Government, University, Medical, Financial) and perhaps the regulations affecting the data loser (HIPAA, GLBA, FACTA, SOX, or State Legislation). Some of this is obvious, some requires research. George Toft, CISSP, MSIS My IT Department www.myITaz.com 480-544-1067 Confidential data protection experts for the financial industry. Chris Walsh wrote:
Nice. These records need a unique identifier to facilitate linkage of information from other tables. For example, I have: address stock symbol exchange NAIC industry code Date of actual breach Date of breach discovery Links to primary sources (NY state reporting forms, notice letters) for many of these. Perhaps you can backfill a unique identifier into the CSV file for now, and when future records are added, they can look like this: CWALSH-MMDDYYYY-nnn This way, you will not have any collisions (unless another C. Walsh comes along), and you will not need to pre-assign blocks of numbers to anyone who wishes to report. Should John Smith and Jim Smith both decide to get into the act, then perhaps the dreaded "jsmith02" solution can be adopted. If someone objects to a tag like 'cwalsh' going into the db, then they would need to say so. Presumably, a privacy-conscious group like this will be able to work through the issue. This is all off the top of my head as far as the implementation, but I have thought at some length about the need for an identifier. Thoughts? Chris P.S. I love how these guys write something spiffy in 3 days. I am eager to see what can be done with an "expanded" DB. I "know", for example, that Google Maps could be used to great effect with this information. If I could code my way out of a wet paper bag, I'd be on the case. On Tue, Sep 05, 2006 at 08:19:40PM -0400, lyger wrote:Our friends at mailerblog.com have applied attrition.org's Data Loss Database - Open Source in quite a cool way: http://www.mailerblog.com/dataloss/dataloss.php If anyone else has any ideas, the raw data can be found here: http://attrition.org/dataloss/dataloss.csv _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 337 incidents over 6 years._______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 337 incidents over 6 years.
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 143 million compromised records in 337 incidents over 6 years.
Current thread:
- An amazing use of DLDOS lyger (Sep 05)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)
- Re: An amazing use of DLDOS George Toft (Sep 06)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)
- Re: An amazing use of DLDOS Adam Shostack (Sep 07)
- Re: An amazing use of DLDOS lyger (Sep 07)
- Re: An amazing use of DLDOS George Toft (Sep 06)
- Re: An amazing use of DLDOS Al Mac (Sep 07)
- Re: An amazing use of DLDOS lyger (Sep 07)
- Re: An amazing use of DLDOS Chris Walsh (Sep 07)
- Re: An amazing use of DLDOS blitz (Sep 07)
- Re: An amazing use of DLDOS Chris Walsh (Sep 06)