A Taxonomy of Recent Data Losses—First Presentation
Interhackers Matt Curtin and Lee Ayres present A Taxonomy of Data Losses and their follow-up research findings A Comparative Analysis of Three Years of Breach Reports by Breach Type and Industry to the Central Ohio ISSA at Platform Lab, 1275 Kinnear Road, Columbus, Ohio, on February 20, 2008.
Malicious hackers tend to steal headlines, but do their stories correlate to the threats most prevalent in your industry? Reviewing a selection of publicized security incidents from 2005–2007, Curtin and Ayres propose a taxonomy of breaches based on the threat/vulnerability pair.
Following is analysis of documented incidents of each type in several broadly defined industries. The data and analysis provided will assist business leaders in making informed decisions regarding the distribution of limited information security assets.
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.