Using a Taxonomy to Analyze Recent Data Losses
Interhack Senior Analyst Lee Ayres proposes a
naming scheme for computer security breaches when he
presents a peer-reviewed scientific paper, soon to be
published in the I/S Journal. The event is at the
University of Findlay's Center for Information Assurance
Education (CIAE) in Findlay, Ohio, on October 29,
2008.
Abstract
Malicious hackers tend to steal headlines, but do their
stories correlate to the threats that are most prevalent in
your industry? Reviewing a selection of publicized security
incidents from 2005–2007, Lee proposes a taxonomy of
breaches based on the concept of the threat/vulnerability
pair. He explores the proportion of incidents of each type in
several broadly defined industries, followed by analysis and
discussion of effective technical, procedural, and
administrative controls. The data and analysis can help
business leaders make informed decisions about the
distribution of limited information security assets.
About the I/S Journal
I/S: A Journal of Law and
Policy for the Information Society is an
interdisciplinary journal of research and commentary,
concentrating on the intersection of law, policy, and
information technology. I/S represents a
one-of-a-kind partnership between one of America's leading
law schools, the Moritz College of Law at The Ohio State
University, and the nation's foremost public policy school
focused on information technology, Carnegie Mellon
University's H.J. Heinz III School of Public Policy and
Management.
Subscribe to
the I/S Journal or contact Interhack to
receive a copy of the paper.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional
services firm with clients all over North America. Founded in 1997
by a team of information security researchers, Interhack accepted
the mission to make global computing and communications
infrastructures worthy of trust. Interhack's two practice areas,
Information Assurance and Forensic Computing, support that mission.
The company is a supporting member of The Usenix Association.
Additional information about Interhack is available at web.interhack.com.