Adrian Lane, frequent commenter on this blog, wrote about the desire for real case studies of breaches.
I’ve been spending a lot of time digging through breach statistics and all the public information on some major breaches in order to come as close as possible to root cause analysis. While I love the Attrition database and the Privacy Rights Clearing House, they are only able to enter what little data makes it into the public light. It makes for a nice Star Wars spoof, and is absolutely helpful, but it’s time we took it to the next step.
In order to make really intelligent decisions on how to protect ourselves we need to perform root cause analysis on real world breaches. I’ve done the best I can on this, and have a fairly decent presentation on it, but there are serious limitations when relying on nothing but press reports, which is pretty much all we have.
I’m in discussions with a very trusted organization about potentially running a detailed survey focused on how breaches really occur. The goal is to provide the community with hard data on where the bad guys are succeeding, where they are failing, what defenses work, and what defenses don’t. Real root cause analysis, on a statistically significant scale.
I’m not going to ask if you think this would be useful- we all know the answer. What I’m going to ask is if you would be willing to participate. One potential poll format is an open, anonymous survey. The next option is an invitation survey (thus we’ll know you participated) but where your answers are totally anonymous. Next is participating in a focused study with interviews, but without releasing who you are or what organization you work for. The final option is a public case study (and only answer if you think the lawyers will sign off, and we know they won’t).
These results will help us design our model and how to approach the security community.
We all know the bad guys share techniques and information (even if it’s stupid bragging w1th a l0t 0f w31rd wr1t1ng); now it’s our turn to take charge and figure out what works.
This isn’t just a random blog poll; your answers could affect a major research project.
Updated : There’s a bug in the polling software when I embed it in a post, so please vote over on the sidebar until I figure it out.