RR-303_final

SUsing Science to Battle Data Loss: Analyzing Breaches byAnalyzing Breaches by Type and Industry C. Matthew Curtin, CISSP Interhack Corporation 04/23/09 | RR-303 Advanced Learning Objectives • See how scientific analysis can work in security • Distinguish among types of data loss incidents • Analyze data loss incidents for where to focusAnalyze data loss incidents for where to focus • See how to improve the state of the art Agenda What In The World Is Going On Out There? A Taxonomy of Data LossesA Taxonomy of Data Losses B h R t b T d I d tBreach Reports by Type and Industry Now What? 3 What in theWhat in the World is G i OGoing On Out There?Out There? Technology Problem? 5 AA Taxonomy f D tof Data LossesLosses Taxonomy of Data Losses: Introduction Taxonomy of Data Losses: Physical Taxonomy of Data Losses: Logical Taxonomy of Data Losses: Procedural Not All Breaches Happen Alike Where Do Breaches Happen? NAICS! Agriculture, Forestry, Fishing, and Hunting Mining Utilities Construction ManufacturingManufacturing Wholesale Trade Retail TradeRetail Trade Transportation and Warehousing More NAICS Information Finance and Insurance Real Estate and Rental and LeasingReal Estate and Rental and Leasing Professional, Scientific, and Technical Services Educational Services Health Care and Social Assistance Public Administration BreachBreach Reports by T dType and IndustryIndustry Breaches Observed: Type and Industry Test of Significance in Nominal Data: x2 Tests for statistical significance estimate the probability of chance in observations. Looking for probability of error at 5% (p=0.05). Threshold used to determine whether to reject null hypothesishypothesis. x2 Analysis: P-Values by Type Docs .5116643991 Media .0172283798 Hardware 0001473399Hardware .0001473399 Insider .0344524032 C i 0000000001Compromise .0000000001 Processing .0001688209 Disposal .0384812865 x2 Analysis: P-Values by Industry Agriculture .8760759196 Mining 4832063360 Real Est .0612124637 Prof Svc .1271919999Mining .4832063360 Utilities .5512226506 f Adm Svc .3659340107 Edu 0000000001Mfg .1817398353 Retail 0034487983 Edu .0000000001 Health .0000096276 A t 2484658204.0034487983 Transp .5437545766 Arts .2484658204 Accom .0022826685 Information.2034512769 Finance .0157029420 Services .3049347667 Pub Adm.0018734368 Statistically Significant Observations Disposal Processing Insider Compromise Hardware Documents Media Trends: More Data Needed This Analysis Might Be Useful One Day Education Pub Admin Financial Health Now What?Now What? How to Use the Taxonomy • See the full report! Distributed to IAPP via I/S Journal– Distributed to IAPP via I/S Journal – Available for download from http://web.interhack.com/. • Report breaches using taxonomy• Report breaches using taxonomy • Apply to your data set of choice—we used Identity Theft Resource Center's breach listIdentity Theft Resource Center s breach list • We will release updates with more data 23 How to Apply This Work See how your industry fares to others. See how your firm fares to others in your industry. Use a common language to discuss how data losses take placelosses take place.