Adrian Lane, frequent commenter on this blog, wrote about the desire for real case studies of breaches.
I’ve been spending a lot of time digging through breach statistics and all the public information on some major breaches in order to come as close as possible to root cause analysis. While I love the Attrition database and the Privacy Rights Clearinghouse, they are only able to enter what little data makes it into the public light. It makes for a nice Star Wars spoof, and is absolutely helpful, but it’s time we took it to the next step.
In order to make really intelligent decisions on how to protect ourselves we need to perform root cause analysis on real world breaches. I’ve done the best I can on this, and have a fairly decent presentation on it, but there are serious limitations when relying on nothing but press reports, which is pretty much all we have.
I’m in discussions with a very trusted organization about potentially running a detailed survey focused on how breaches really occur. The goal is to provide the community with hard data on where the bad guys are succeeding, where they are failing, what defenses work, and what defenses don’t. Real root cause analysis, on a statistically significant scale.
I’m not going to ask if you think this would be useful- we all know the answer. What I’m going to ask is if you would be willing to participate. One potential poll format is an open, anonymous survey. The next option is an invitation survey (thus we’ll know you participated) but where your answers are totally anonymous. Next is participating in a focused study with interviews, but without releasing who you are or what organization you work for. The final option is a public case study (and only answer if you think the lawyers will sign off, and we know they won’t).
These results will help us design our model and how to approach the security community.
We all know the bad guys share techniques and information (even if it’s stupid bragging w1th a l0t 0f w31rd wr1t1ng); now it’s our turn to take charge and figure out what works.
This isn’t just a random blog poll; your answers could affect a major research project.
Updated: There’s a bug in the polling software when I embed it in a post, so please vote over on the sidebar until I figure it out.
8 Replies to “Reader Poll: Forget Breach Stats- We Need Root Cause Analysis”
@win: I don’t use the visual editor, so I think it’s a weirdness with my plugin and theme. The polling plugin handles the code in each post, I just put a line of text in. Thanks for the lead though.
I held off on 2.3.1 because not all plugins were supported at first. It looks like everything caught up, so I’ll be upgrading soon. I appreciate the reminder and kick in the ass… needed it…
Oh and on topic—I don’t feel the courts would help the situation a whole lot. The problem I see is that a good IP lawyer will try to obfuscate the root cause on the defense side. It just ends up looking like muddy water when it’s all over. It’s too bad it’s a lost cause because what business wants to openly admit root cause? Not gonna happen, and it’s unfortunate…
Rich,
You’re probably running into a visual editor mode issue (since you’re using WordPress). Log into your admin site, click “Users”, click “edit” on the user that you’re posting with, and then uncheck “Use the visual editor when writing”. Then post in a new post with the poll. It’ll more than likely work right then. Visual editor mangles embedded code more often than not.
Oh and BTW, you’re running a very old version of WordPress. 🙂 You == 2.2.3, Current == 2.3.1
—windexh8er
Okay- updated the post to send everyone to the sidebar until I figure this out.
I updated the software, can someone try it out? My IP is already registered so I can’t vote again.
Weird- it sort of works for me, sort of doesn’t. I’ll go see if the plugin was updated, it worked the last time I used it.
Thus far, the only good public (yet reliable) source of information that would help us to analyze the root cause of breaches is the court. In some cases, breach notification reports are also valuable, but only when physical media is lost.
All of my choices bring a pop-up that says, “Please choose a valid poll answer.”
So I guess the answer is “no.” 🙂