Re: Employee vs client data?

["Allan Friedman" <allan_friedman () ksgphd harvard edu>]

> Right - I would guess, (with credit and your permission), that Attrition &
> PogoWasRight.org would switch to your data set or at least import the data
> you've collected into their database.

Of course we plan to publish the data set.  It's just that the details
required and the peculiarities of the project meant that it made more
sense for us to continue to use my dataset, rather than try to
synchronize immediately.

There aren't too many details about the breaches themselves that I
have apart from what's already in the DLDOS.  Keep in mind that our
unit of analysis is a company-breach-news outlet tuple, so I have a
dozen entries for the BoA/Wachovia from 2005. Each news story reveals
more details about the breach.  You (we!) can talk about the best way
to integrate that into DLDOS.  I also note some of the details of the
brach announcement (i.e. press release vs. got caught sending letters)
and when the breach actually occured.

Of course this data is still very messy.  Sorry, Chris, we need one
more cleaning before I'll feel confident enough about the coding to
give you anything meaningful.

Again, I hate to not be more open right now, but I hate sloppy work
and incorrect assumptions even more.

One last shameless plug for the Workshop on the Economics of Securing
the Information Infrastructure.  Free!  In DC!  Today's the last day
to register: http://wesii.econinfosec.org/workshop/

allan
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 137 million compromised records in 430 incidents over 6 years.