Security Incident Statistical Analysis

Discussion in 'Computer Security' started by cjj3520@aol.com, Dec 13, 2004.

  1. Guest

    Can anyone point me in the direction of a report or survey which would
    enlighten me on the type/number of security breaches occurring within
    US companies? I am trying to persuade management here to take this more
    seriously. Thank you in advance for any help.
     
    , Dec 13, 2004
    #1
    1. Advertising

  2. bostontechgroup, Dec 13, 2004
    #2
    1. Advertising

  3. bowgus Guest

    I've seen bits and pieces of data out of Gartner reports ...
    http://www4.gartner.com/RecognizedUser ... you might contact them and yes
    it will cost ... but ... it'll support your argument a lot better than say
    the stuff floating around depending on imo who's trying to sell you what ...
    e.g. a scanner vendor might say 73.9 % :) vulnerabilities are due to OS
    misconfiguration ... who knows ... maybe that's about right ???

    <> wrote in message
    news:...
    > Can anyone point me in the direction of a report or survey which would
    > enlighten me on the type/number of security breaches occurring within
    > US companies? I am trying to persuade management here to take this more
    > seriously. Thank you in advance for any help.
    >
     
    bowgus, Dec 13, 2004
    #3
  4. donnie Guest

    On 13 Dec 2004 08:11:49 -0800, wrote:

    >Can anyone point me in the direction of a report or survey which would
    >enlighten me on the type/number of security breaches occurring within
    >US companies? I am trying to persuade management here to take this more
    >seriously. Thank you in advance for any help.

    ########################
    Is it worth it to go crazy trying to convince them? Send them one
    memo and then forget about it.
    donnie.
     
    donnie, Dec 14, 2004
    #4
  5. winged Guest

    donnie wrote:
    > On 13 Dec 2004 08:11:49 -0800, wrote:
    >
    >
    >>Can anyone point me in the direction of a report or survey which would
    >>enlighten me on the type/number of security breaches occurring within
    >>US companies? I am trying to persuade management here to take this more
    >>seriously. Thank you in advance for any help.

    >
    > ########################
    > Is it worth it to go crazy trying to convince them? Send them one
    > memo and then forget about it.
    > donnie.

    Every "company" should be concerned about security. Everything from
    real property to intellectual property is at stake. There are incidents
    reported recently of competitors paying hackers to interfere or steal
    other companies secrets.

    Additionally while most home users (there is legislation in congress to
    make even home users responsible, whether or not they knew their system
    was compromised, not sure of bill status) may not be held liable
    responsible for damage their systems do, if that companies computers
    were used to launch an attack against another they could be liable for a
    portion of the damages. The damages could vary depending whether gross
    negligence was involved. If your company is not worried about security,
    you better go job hunting, it will not be in business for long if their
    business relies on web and web commerce. To write a memo and forget it
    is not my recommended approach.

    It will be far easier to show them if you have any responsibilities
    associated with the network. In your cost analysis you might want to
    consider the cost of contracting out that maintenance. In many small
    companies without dedicated IT staff this is an economical method to
    deal with security issues.

    Winged
     
    winged, Dec 14, 2004
    #5
  6. donnie Guest

    On 13 Dec 2004 21:12:01 EST, winged <> wrote:

    >Additionally while most home users (there is legislation in congress to
    >make even home users responsible, whether or not they knew their system
    >was compromised, not sure of bill status) may not be held liable
    >responsible for damage their systems do, if that companies computers
    >were used to launch an attack against another they could be liable for a
    >portion of the damages.

    ##########################
    They want to make us responsible for drunk drivers too saying that we
    are supposed to take away the keys. Guess what. It's not my problem.
    My father is in his 80s. He has no clue how to secure his PC other
    than what I tell him. Noone is going to hold him responsible, nor
    should they.
    donnie
     
    donnie, Dec 14, 2004
    #6
  7. winged Guest

    donnie wrote:
    > On 13 Dec 2004 21:12:01 EST, winged <> wrote:
    >
    >
    >>Additionally while most home users (there is legislation in congress to
    >>make even home users responsible, whether or not they knew their system
    >>was compromised, not sure of bill status) may not be held liable
    >>responsible for damage their systems do, if that companies computers
    >>were used to launch an attack against another they could be liable for a
    >>portion of the damages.

    >
    > ##########################
    > They want to make us responsible for drunk drivers too saying that we
    > are supposed to take away the keys. Guess what. It's not my problem.
    > My father is in his 80s. He has no clue how to secure his PC other
    > than what I tell him. Noone is going to hold him responsible, nor
    > should they.
    > donnie


    I agree they shouldn't however the proposed legislation is being
    formed. I never said it was a good idea. Especially since there is no
    absolutely secure systems.

    Winged
     
    winged, Dec 14, 2004
    #7
  8. Guest

    Thank you all for the advice and comments.



    winged wrote:
    > donnie wrote:
    > > On 13 Dec 2004 21:12:01 EST, winged <> wrote:
    > >
    > >
    > >>Additionally while most home users (there is legislation in

    congress to
    > >>make even home users responsible, whether or not they knew their

    system
    > >>was compromised, not sure of bill status) may not be held liable
    > >>responsible for damage their systems do, if that companies

    computers
    > >>were used to launch an attack against another they could be liable

    for a
    > >>portion of the damages.

    > >
    > > ##########################
    > > They want to make us responsible for drunk drivers too saying that

    we
    > > are supposed to take away the keys. Guess what. It's not my

    problem.
    > > My father is in his 80s. He has no clue how to secure his PC other
    > > than what I tell him. Noone is going to hold him responsible, nor
    > > should they.
    > > donnie

    >
    > I agree they shouldn't however the proposed legislation is being
    > formed. I never said it was a good idea. Especially since there is

    no
    > absolutely secure systems.
    >
    > Winged
     
    , Dec 14, 2004
    #8
  9. EDOOD Guest

    I do wish you luck, getting accurate results. Most companies, whether
    privately held, or Public, are going to publish breaches in information
    security. I know, as an IT manager, that I would be very hesitant to report
    a breach to anyone outside my company...unless it was for training purposes.
    There is no "UPSIDE" for companies to say they were hacked. That is like
    posting they are incompetent. No one is going to admin that, unless they
    are forced into it.
     
    EDOOD, Dec 14, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "Information Security Risk Analysis", Thomas R. Peltier

    Rob Slade, doting grandpa of Ryan and Trevor, Jun 21, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    762
    Rob Slade, doting grandpa of Ryan and Trevor
    Jun 21, 2004
  2. Security incident logging?

    , Sep 1, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    707
    Derrick Stone
    Sep 6, 2005
  3. George Orwell

    Statistical report of remailer abuse

    George Orwell, Dec 10, 2006, in forum: Computer Security
    Replies:
    0
    Views:
    390
    George Orwell
    Dec 10, 2006
  4. Statistical report of remailer abuse

    , Jan 1, 2007, in forum: Computer Security
    Replies:
    1
    Views:
    449
    traveler 66
    Jan 1, 2007
  5. Rick Merrill

    "authority analysis" - is this security related?

    Rick Merrill, Nov 28, 2007, in forum: Computer Security
    Replies:
    0
    Views:
    737
    Rick Merrill
    Nov 28, 2007
Loading...

Share This Page