<HTML><HEAD></HEAD>
<BODY>
<DIV id=idOWAReplyText97081 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I believe that what we are talking about here is "root cause analysis". Unfortunately, getting to the root cause of the event often requires a degree of sophistication and communication uncommon in companies experiencing data breaches. I usually send people interested in this sort of analysis to Rooney and Vanden Huevel's write-up[1]. While focused on quality control, it gives some good direction on causal factor charting and root cause identification. I have had luck in the past adapting it to computer security applications.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>-Dennis</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><SPAN style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">[1] <A href="http://www.asq.org/pub/qualityprogress/past/0704/qp0704rooney.pdf" target=_blank>http://www.asq.org/pub/qualityprogress/past/0704/qp0704rooney.pdf</A> </SPAN></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> B.K. DeLong<BR><B>Sent:</B> Wed 10/11/2006 11:02 AM<BR><B>To:</B> Al Mac<BR><B>Cc:</B> dataloss@attrition.org<BR><B>Subject:</B> Re: [Dataloss] security breaches as a result of email<BR></FONT><BR></DIV>
<DIV><BR><BR>
<DIV><SPAN class=gmail_quote>On 10/11/06, <B class=gmail_sendername>Al Mac</B> <<A href="mailto:macwheel99@sigecom.net" target=_blank>macwheel99@sigecom.net</A>> wrote:</SPAN>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">The data base has coding <A href="http://attrition.org/dataloss/dldoskey.html" target=_blank>http://attrition.org/dataloss/dldoskey.html</A> as to<BR>nature of breach that could narrow you down to this kind of relevance, but<BR>this is something that continues to evolve, and be improved upon by <BR>feedback here. I do not see in the chart a coding for the nature of the<BR>breach:<BR>* laptop gone missing<BR>* dumpster diving<BR>* hacker broke in<BR>* data managers must have been computer illiterates<BR>* data managers must have been privacy illiterates <BR>* e-mail stupidity<BR>* etc.<BR>so if you do a search of the raw data, looking for "e-mail" you going to<BR>get a lot of hits that what was breached was person's e-mail address</BLOCKQUOTE>
<DIV><BR><BR>You make a good point - this is definitely something else we should be tracking in the DLDOS. <BR></DIV><BR></DIV><BR></DIV></BODY></HTML>