BreachExchange mailing list archives
Study Shows Finance, Education, Healthcare, and Government Lose Sensitive Personal Data Differently
From: security curmudgeon <jericho () attrition org>
Date: Sun, 26 Apr 2009 19:11:14 +0000 (UTC)
http://web.interhack.com/news/n2009/taxonomy

Study Shows Finance, Education, Healthcare, and Government Lose Sensitive Personal Data Differently

APRIL 23, 2009

Proposing a taxonomy for classifying data loss incidents with public information, Interhack has examined publicized data breaches by type and industry and found significant results for Finance, Education, Public Administration, and Health Care.

"We discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors," Matthew Curtin, founder of Interhack and co-author of the study, said.

Curtin and Interhack Senior Analyst Lee Ayres created the taxonomy for the hierarchical classification of data losses and then applied it to a set of data breaches accumulated by the Identity Theft Resource Center. Curtin and Ayres classified breach events according to industry sector using the 2002 North American Industry Classification System (NAICS).

The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts.

Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole.

Public Administration's proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm.

The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct.

Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.

The taxonomy and data breach study have many applications. "For one, finding likelihood of security incidents has been a sort of guessing game for information security practitioners. We believe we can make a science of finding likelihood and helping defenses to be properly focused," Curtin said. "We have the analytical tools, and we see promise in the approach."

Curtin unveils the taxonomy and data breach study at RSA Conference 2009 in San Francisco, California on April 23 in the presentation "Using Science to Battle Data Loss: Analyzing Breaches by Type and Industry."

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)