May 2009

An Analysis of Data Breaches by Industry and Type

Security researchers, using a taxonomy to classify breaches by type and the North American Industry Classification System (NAICS) to classify them by industry, found statistically significant correlations between breach types and industries. The study is available for download from their website: http://web.interhack.com/publications/breach-taxonomy.

The study found:

The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration’s proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.

The researchers used data accumulated by the Identity Theft Resource Center (ITRC). The website for the Identity Theft Resource Center is http://www.idtheftcenter.org/. The site has data from 2009, 2008, 2007, 2006 and 2005. The 2009 report is available at http://www.idtheftcenter.org/ITRC%20Breach%20Report%202009.pdf.

According to the Identity Theft Resource Center: “Security breaches can be broken down into a number of categories. What they all have in common is that they usually contain personal identifying information in a format easily read by thieves, in other words, not encrypted.”

The ITRC tracks five categories of data loss methods:

  • Data on the Move;
  • Accidental Exposure;
  • Insider Theft;
  • Subcontractors; and
  • Hacking.

A database of recent security incidents is also available at http://www.datalossdb.org/.
