Using a Taxonomy to Analyze Recent Data Losses
Interhack Senior Analyst Lee Ayres proposes a naming scheme for computer security breaches, when he presents a peer-reviewed scientific paper, soon to be published in the I/S Journal. The event is at University of Findlay's Center for Information Assurance Education (CIAE) in Findlay, Ohio, on October 29, 2008.
Malicious hackers tend to steal headlines, but do their stories correlate to the threats that are most prevalent in your industry? Reviewing a selection of publicized security incidents from 2005–2007, Lee proposes a taxonomy of breaches based on the concept of the threat/vulnerability pair. He explores the proportion of incidents of each type in several broadly defined industries, followed by analysis and discussion of effective technical, procedural, and administrative controls. The data and analysis can assist business leaders to make informed decisions about the distribution of limited information security assets.
About the I/S Journal
I/S: A Journal of Law and Policy for the Information Society is an interdisciplinary journal of research and commentary, concentrating on the intersection of law, policy, and information technology. I/S represents a one-of-a-kind partnership between one of America's leading law schools, the Moritz College of Law at The Ohio State University, and the nation's foremost public policy school focused on information technology, Carnegie Mellon University's H.J. Heinz III School of Public Policy and Management.
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.