[Dataloss] An amazing use of DLDOS
Chris Walsh
cwalsh at cwalsh.org
Wed Sep 6 14:50:52 EDT 2006
On Wed, Sep 06, 2006 at 10:24:03AM -0700, George Toft wrote:
> What would also make the database really useful for research is if we
> could categorize the primary (and secondary) causes of the loss. For
> example:
> pri_cause - laptop theft
> sec_cause - policy violation

Forget about sec_cause :^)

For pri_cause, you often find that it was a compromised web site. So, that
could mean an application flaw (SQL injection), a misconfigured web server,
poor or no authentication, a braindead firewall, etc. The same logic
applies to other compromises. You get the general "cause", but not what
really happened. It is frustrating, but sort of interesting.

Sometimes, what happened is perfectly clear:

An auditor left a laptop containing customer data, including SSN, name,
and salary in a locked car in Hoboken NJ. The car was broken into, and the
laptop stolen. The laptop was password-protected, but the data were not
encrypted.

For a large proportion of cases, all you know is what was compromised, but
not *how* (or even, when).

I forgot to mention in my earlier post that for the cases I have "on file", I
also specify whether reporting was mandated by state law, whether such
reporting occurred, and what form the notice took (mail, email, phone, etc).
The sector (banking, etc) is easily obtained by looking at the NAICS code,
which is the industrial classification often used by academic researchers in
the social sciences.

cw

http://www.census.gov/epcd/www/naics.html