Source: (Symantec, 2009)
More on Data Breaches
This week, we were required to write a paper that was based on the analysis reports of three annual Data Breach Summary reports from the Verizon Business Risk Team.
This is the set of conclusions from my report:
The general conclusions that a manager can draw from these reports are as follows:
1) The increases in Threat Actions over the past three years have been the areas of
Hacking
Social Engineering
Malware Attacks
2) The external threats have been steadily increasing in most companies since 2005.
3) Knowing where these threats are coming from and how these data breaches are occurring will help the prudent manager create a plan and a road map for the expenditure of the resources to mitigate these risks as effectively as possible.
4) The general need for Information Security personnel to carry out these hands-on mitigation activities is increasing, so we can expect a growth of professionals with these specialized skills in our IT staffs.
5) Because of the increased focus on publicity about data breaches as well as compliance with laws that are designed to protect consumer privacy, every manager must make the protection of the data of its clients and its employees a top priority, and secure budgets that will fund the necessary resources to protect data and drive down the risks to a level that is acceptable for the business to effectively operate in compliance with all existing laws.
These are the References from that report:
References:
Baker, W. H., et al. (2009). 2008 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://www.bellevue.edu on September 14, 2011.
Baker, W. H., et al. (2010). 2009 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://www.bellevue.edu on September 14, 2011.
Baker, W. H., et al. (2011). 2010 Data Breach Investigations Report: A Study Conducted by the Verizon Business Risk Team. Retrieved from the Bellevue University CIS 608 Classroom at http://www.bellevue.edu on September 14, 2011.
Bejtlich, R. (2006).Extrusion Detection: Security Monitoring for Internal Intrusions. Addison-Wesley: Upper Saddle River, NJ.
Dhanjani, N., et al. (2009). Hacking: The Next Generation. O’Reilly: Sebastapol, CA.
The Honeynet Project. (2004). Know Your Enemy: Learning About Security Threats, second edition. Addison-Wesley: Boston, MA.
Ligh, M. L., et al. (2011). Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Wiley Publishing, Inc.: Indianapolis, IN.
Parker, T., et al. (2004). Cyber Adversary Characterization: Auditing the Hacker Mind. Syngress: Boston, MA.
Ponemon Institute. (2009). Fourth Annual US Cost of Data Breach Study: Benchmark Study of Companies. Retrieved from the web at http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/2008-2009%20US%20Cost% 20of%20Data%20Breach%20Report%20Final.pdf on May 15, 2011.
Provos, N. and Holz, T. (2008). Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley: Upper Saddle River, NJ.
Rash, M., et al. (2005). Intrusion Prevention and Active Response: Deploying Network and Host IPS. Syngress: Boston, MA.
Symantec. (2009) Anatomy of a Data Breach. Retrieved from the web at http://eval.symantec.com/mktginfo/enterprise/white_papers/b-anatomy_of_a_data_breach_WP_20049424-1.en-us.pdf on September 17, 2011.
Trost, R. (2010). Practical Intrusion Analysis. Addison-Wesley: Upper Saddle River, NJ.
Wilhelm, T. and Andress, J. (2011). Ninja Hacking: Uncoventional Penetration Testing Tactics and Techniques. Syngress: Boston, MA.
No comments:
Post a Comment