Re: CDW-G Survey on Higher Ed. Security

[Chris Walsh <cwalsh () cwalsh org>]

On Tue, Oct 10, 2006 at 02:26:14PM -0400, Adam Shostack wrote:
> Thanks for passing that on.
>
> I find it disappointing that CDW chooses to release a presentation,
> rather than a report, but that's their choice.  It's also too bad that
> they don't reporduce their survey instrument/list of questions, or
> discuss the wide variance in the number of respondants: Many slides
> don't mention it, slide 12 mentions 60, slide 20 mentions their survey
> as having 182 completed questions.

I think you'd be pleased by the CIFAC studies, Adam.  This is "legit"
academic stuff by Virginia Rezmierski, et. al., looking at academic
institutions in one sample for phase I, and then at corporate 
entities in phase II.  I believe that in both cases, the survey
instrument is provided.  They're totally up front about methods, etc.

http://0-www.educause.edu.csulib.ctstateu.edu/LibraryDetailPage/666?ID=SEC0409
http://0-www.educause.edu.csulib.ctstateu.edu/LibraryDetailPage/666?ID=CSD4455

Along similar lines, I am eagerly awaiting the results of the National Computer 
Security Survey, being performed by RAND (http://www.ncss.rand.org/).  

cw
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 403 incidents over 6 years.