Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Security Incident Statistical Analysis

Reply
Thread Tools

Security Incident Statistical Analysis

 
 
cjj3520@aol.com
Guest
Posts: n/a
 
      12-13-2004
Can anyone point me in the direction of a report or survey which would
enlighten me on the type/number of security breaches occurring within
US companies? I am trying to persuade management here to take this more
seriously. Thank you in advance for any help.

 
Reply With Quote
 
 
 
 
bostontechgroup
Guest
Posts: n/a
 
      12-13-2004
Try going to cert.org.
http://www.cert.org/summaries/

That's a good place to start.
BTG

--
Boston Technology Group
http://www.bostontechgroup.com

 
Reply With Quote
 
 
 
 
bowgus
Guest
Posts: n/a
 
      12-13-2004
I've seen bits and pieces of data out of Gartner reports ...
http://www4.gartner.com/RecognizedUser ... you might contact them and yes
it will cost ... but ... it'll support your argument a lot better than say
the stuff floating around depending on imo who's trying to sell you what ...
e.g. a scanner vendor might say 73.9 % vulnerabilities are due to OS
misconfiguration ... who knows ... maybe that's about right ???

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Can anyone point me in the direction of a report or survey which would
> enlighten me on the type/number of security breaches occurring within
> US companies? I am trying to persuade management here to take this more
> seriously. Thank you in advance for any help.
>



 
Reply With Quote
 
donnie
Guest
Posts: n/a
 
      12-14-2004
On 13 Dec 2004 08:11:49 -0800, http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

>Can anyone point me in the direction of a report or survey which would
>enlighten me on the type/number of security breaches occurring within
>US companies? I am trying to persuade management here to take this more
>seriously. Thank you in advance for any help.

########################
Is it worth it to go crazy trying to convince them? Send them one
memo and then forget about it.
donnie.
 
Reply With Quote
 
winged
Guest
Posts: n/a
 
      12-14-2004
donnie wrote:
> On 13 Dec 2004 08:11:49 -0800, (E-Mail Removed) wrote:
>
>
>>Can anyone point me in the direction of a report or survey which would
>>enlighten me on the type/number of security breaches occurring within
>>US companies? I am trying to persuade management here to take this more
>>seriously. Thank you in advance for any help.

>
> ########################
> Is it worth it to go crazy trying to convince them? Send them one
> memo and then forget about it.
> donnie.

Every "company" should be concerned about security. Everything from
real property to intellectual property is at stake. There are incidents
reported recently of competitors paying hackers to interfere or steal
other companies secrets.

Additionally while most home users (there is legislation in congress to
make even home users responsible, whether or not they knew their system
was compromised, not sure of bill status) may not be held liable
responsible for damage their systems do, if that companies computers
were used to launch an attack against another they could be liable for a
portion of the damages. The damages could vary depending whether gross
negligence was involved. If your company is not worried about security,
you better go job hunting, it will not be in business for long if their
business relies on web and web commerce. To write a memo and forget it
is not my recommended approach.

It will be far easier to show them if you have any responsibilities
associated with the network. In your cost analysis you might want to
consider the cost of contracting out that maintenance. In many small
companies without dedicated IT staff this is an economical method to
deal with security issues.

Winged
 
Reply With Quote
 
donnie
Guest
Posts: n/a
 
      12-14-2004
On 13 Dec 2004 21:12:01 EST, winged <(E-Mail Removed)> wrote:

>Additionally while most home users (there is legislation in congress to
>make even home users responsible, whether or not they knew their system
>was compromised, not sure of bill status) may not be held liable
>responsible for damage their systems do, if that companies computers
>were used to launch an attack against another they could be liable for a
>portion of the damages.

##########################
They want to make us responsible for drunk drivers too saying that we
are supposed to take away the keys. Guess what. It's not my problem.
My father is in his 80s. He has no clue how to secure his PC other
than what I tell him. Noone is going to hold him responsible, nor
should they.
donnie
 
Reply With Quote
 
winged
Guest
Posts: n/a
 
      12-14-2004
donnie wrote:
> On 13 Dec 2004 21:12:01 EST, winged <(E-Mail Removed)> wrote:
>
>
>>Additionally while most home users (there is legislation in congress to
>>make even home users responsible, whether or not they knew their system
>>was compromised, not sure of bill status) may not be held liable
>>responsible for damage their systems do, if that companies computers
>>were used to launch an attack against another they could be liable for a
>>portion of the damages.

>
> ##########################
> They want to make us responsible for drunk drivers too saying that we
> are supposed to take away the keys. Guess what. It's not my problem.
> My father is in his 80s. He has no clue how to secure his PC other
> than what I tell him. Noone is going to hold him responsible, nor
> should they.
> donnie


I agree they shouldn't however the proposed legislation is being
formed. I never said it was a good idea. Especially since there is no
absolutely secure systems.

Winged
 
Reply With Quote
 
cjj3520@aol.com
Guest
Posts: n/a
 
      12-14-2004
Thank you all for the advice and comments.



winged wrote:
> donnie wrote:
> > On 13 Dec 2004 21:12:01 EST, winged <(E-Mail Removed)> wrote:
> >
> >
> >>Additionally while most home users (there is legislation in

congress to
> >>make even home users responsible, whether or not they knew their

system
> >>was compromised, not sure of bill status) may not be held liable
> >>responsible for damage their systems do, if that companies

computers
> >>were used to launch an attack against another they could be liable

for a
> >>portion of the damages.

> >
> > ##########################
> > They want to make us responsible for drunk drivers too saying that

we
> > are supposed to take away the keys. Guess what. It's not my

problem.
> > My father is in his 80s. He has no clue how to secure his PC other
> > than what I tell him. Noone is going to hold him responsible, nor
> > should they.
> > donnie

>
> I agree they shouldn't however the proposed legislation is being
> formed. I never said it was a good idea. Especially since there is

no
> absolutely secure systems.
>
> Winged


 
Reply With Quote
 
EDOOD
Guest
Posts: n/a
 
      12-14-2004
I do wish you luck, getting accurate results. Most companies, whether
privately held, or Public, are going to publish breaches in information
security. I know, as an IT manager, that I would be very hesitant to report
a breach to anyone outside my company...unless it was for training purposes.
There is no "UPSIDE" for companies to say they were hacked. That is like
posting they are incompetent. No one is going to admin that, unless they
are forced into it.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Preparing Data For Statistical Analysis and Reporting Robert Ruby 1 07-25-2007 01:50 AM
Preparing Data For Statistical Analysis Robert Ruby 0 07-24-2007 07:00 PM
Software for statistical analysis vincent64@yahoo.com C Programming 1 09-26-2006 04:03 AM
statistical analysis tools in python? Thomas Nelson Python 3 07-18-2006 05:28 PM
Incident Analysis of the intrusion on helium.ruby-lang.org Shugo Maeda Ruby 0 07-22-2004 06:29 AM



Advertisments