Where Law, Technology and Risk Management Converge

(September 16, 2009) Interhack Founder C. Matthew Curtin applies original Interhack research at the intersection of law and technology. He shows the impact of breach notification law on analysis of data loss incidents, and how such analysis can be used to assess likelihood of incidents.

SEPTEMBER 11, 2009—Interhack Founder C. Matthew Curtin speaks at the Information Security Compliance and Risk Management Institute (ISC/RMI) in Seattle, Washington on September 16, 2009. Based on original Interhack research, Curtin shows how to use science to combat data loss.  Attorneys, business leaders, and risk managers will learn about the impact of breach notification law on analysis of data loss incidents, and how such analysis can be used to assess likelihood of incidents. 

In their recent research paper Using Science to Combat Data Loss: Analysis of Breaches by Type and IndustryCurtin and Interhack Senior Analyst Lee T. Ayres created a taxonomy for the hierarchical classification of data losses.  They applied it to a set of data breaches accumulated by the Identity Theft Resource Center.  Curtin and Ayres classified breach events according to industry sector using the 2002 North American Industry Classification System (NAICS).  They discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors.  

The paper was published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society.


ISC/RMI brings IT and information security professionals, attorneys, and auditors together with concerned academics and public officials for two days of discussion and advanced learning about the arts, sciences, and laws of electronic information and IT use and protection.  The 2009 topic is The Changing Environment of Information Security: Dealing with New Technologies, New Threats, and New Laws.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing.  Founded in 2000 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust.  Today the firm has clients all over North America.  Additional information about Interhack is available at web.interhack.com.