[Dataloss] seriously flawed U Washington breach study

Chris Walsh cwalsh at cwalsh.org
Thu Mar 15 11:31:01 UTC 2007


Bill Yurcik wrote: 

"the press does pick up a significant portion of the disclosures between 
 organizations and the parties affected."


Two questions:

Q1:  What do you mean by "significant"?
Q2:  If the answer to Q1 depends in any way on the (unobserved) total number
     of communications between breached entity and parties affected, how do
     you know your statement is true?  That is, how do you test it as a 
     hypothesis?


I read the quoted material as saying "The press has revealed a large
proportion of breaches for which disclosure has occurred".  Well, ascertaining
the numerator is easy in principle:  Google+LexisNexis --> a number.  The
denominator is the hard one.  Is it 95% of the iceberg?  Is it 5%?  Is
the visible part of the iceberg just like the submerged part, so from an
analytical standpoint it doesn't matter?

I think that we know of a more than 5% or reported breaches, but that the ones
we don't know about are different in analytically meaningful ways.  I can think of a way to sort of prove it, even.  The more important question is whether
the breaches that are never even reported to anyone "look like" the ones we 
have info on.  Impossible, using current data, to answer.

cw


More information about the Dataloss mailing list