Welcome to Delicate template
Header
Just another WordPress site
Header

The Verizon Business RISK Team released a very interesting study early in June with detailed results and analysis from more than 500 forensic investigations it conducted over a four-year period (2004 to 2007). It claims that this study represents one-fourth of all publicly disclosed data breaches in that time frame. The report is chock full of statistics and percentages. The study examines the age-old question of IT risk-management: who is the largest threat source, insiders or outsiders?

The study weighs the impact of breaches (number of data records compromised) along with the frequency of threat source causing the breach. It also adds a third threat source to the mix: business partners, a sort of blended insider/outsider. One of the interesting results is that, using the classic risk equation (risk = likelihood * impact), business partners represent the greatest threat, followed closely by insiders.

The paper presents statistics but makes no blanket-conclusions on what to do about the problems, instead leaving that up to the individual organization (as it should). Everyone knows that monitoring the insider threat is difficult and time-consuming. It is somewhat easier to monitor business partners since they (should) have limited access via well-defined conduits. Given the results of this study, monitoring business partner interaction with the corporate network data sources may become the new fad in IT risk-management.

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter