
Reader Poll: Forget Breach Stats- We Need Root Cause Analysis

Adrian Lane, frequent commenter on this blog, wrote about the desire for real case studies of breaches.

I've been spending a lot of time digging through breach statistics and all the public information on some major breaches in order to come as close as possible to root cause analysis. While I love the Attrition database and the Privacy Rights Clearinghouse, they are only able to enter what little data makes it into the public light. It makes for a nice Star Wars spoof, and is absolutely helpful, but it's time we took it to the next step.

In order to make really intelligent decisions on how to protect ourselves we need to perform root cause analysis on real world breaches. I've done the best I can on this, and have a fairly decent presentation on it, but there are serious limitations when relying on nothing but press reports, which is pretty much all we have.

I'm in discussions with a very trusted organization about potentially running a detailed survey focused on how breaches really occur. The goal is to provide the community with hard data on where the bad guys are succeeding, where they are failing, what defenses work, and what defenses don't. Real root cause analysis, on a statistically significant scale.

I'm not going to ask if you think this would be useful- we all know the answer. What I'm going to ask is if you would be willing to participate. One potential poll format is an open, anonymous survey. The next option is an invitation survey (thus we'll know you participated) but where your answers are totally anonymous. Next is participating in a focused study with interviews, but without releasing who you are or what organization you work for. The final option is a public case study (and only answer if you think the lawyers will sign off, and we know they won't).

These results will help us design our model and how to approach the security community.

We all know the bad guys share techniques and information (even if it's stupid bragging w1th a l0t 0f w31rd wr1t1ng); now it's our turn to take charge and figure out what works.

This isn't just a random blog poll; your answers could affect a major research project.

Updated: There's a bug in the polling software when I embed it in a post, so please vote over on the sidebar until I figure it out.

—Rich


Comments:


By shrdlu  on  12/04  at  06:16 PM

All of my choices bring a pop-up that says, "Please choose a valid poll answer."

So I guess the answer is "no." :-)

By Sharon  on  12/04  at  10:13 PM

Thus far, the only good public (yet reliable) source of information that would help us to analyze the root cause of breaches is the court. In some cases, breach notification reports are also valuable, but only when physical media is lost.

By rmogull  on  12/04  at  10:21 PM

Weird- it sort of works for me, sort of doesn’t. I’ll go see if the plugin was updated, it worked the last time I used it.

By rmogull  on  12/04  at  10:34 PM

I updated the software, can someone try it out? My IP is already registered so I can’t vote again.

By rmogull  on  12/04  at  10:45 PM

Okay- updated the post to send everyone to the sidebar until I figure this out.

By windexh8er  on  12/05  at  05:49 AM

Rich,

You’re probably running into a visual editor mode issue (since you’re using WordPress).  Log into your admin site, click "Users", click "edit" on the user that you’re posting with, and then uncheck "Use the visual editor when writing".  Then post in a new post with the poll.  It’ll more than likely work right then.  Visual editor mangles embedded code more often than not.

Oh and BTW, you’re running a very old version of WordPress.  :) You == 2.2.3, Current == 2.3.1

—windexh8er

By windexh8er  on  12/05  at  05:54 AM

Oh and on topic—I don’t feel the courts would help the situation a whole lot.  The problem I see is that a good IP lawyer will try to obfuscate the root cause on the defense side.  It just ends up looking like muddy water when it’s all over.  It’s too bad it’s a lost cause because what business wants to openly admit root cause?  Not gonna happen, and it’s unfortunate…

By rmogull  on  12/05  at  10:38 PM

@win: I don’t use the visual editor, so I think it’s a weirdness with my plugin and theme. The polling plugin handles the code in each post, I just put a line of text in. Thanks for the lead though.

I held off on 2.3.1 because not all plugins were supported at first. It looks like everything caught up, so I’ll be upgrading soon. I appreciate the reminder and kick in the ass… needed it…
