Trust Economics

This year Verizon released their ‘2008 Data Breach Investigations Report’, describing their findings from cases of data breaches that they have been called in to investigate over the last four years. These findings relate, for instance, the sources of a data breach (e.g. insider or external party), and trends within particular industries (Financial Services, Retail etc.), as well as detailing some typical means of accessing and exploiting a company’s IT systems. The report (and the accompanying supplemental report) offer some interesting insights, and perhaps more importantly, some statistics relating to data breaches (something which as yet is rare to see in the public domain).

If more data of the kind described in these reports were to be made available, it would obviously help IT managers and the like in identifying where vulnerabilities in their managed systems could arise. However it may also help IT managers who want to weigh up both:

• where their security efforts should be concentrated should they wish to try to reduce the risk of a data breach, and;

• where within their sphere of control efforts could be relaxed so as to promote (or at least not inhibit) productivity amongst company employees. Ideally a view of security management should consider both how the users of secured systems will behave, as well as having some sense of the behaviour patterns that those users choose to employ to keep their own part of the business running (one of the core considerations of the Trust Economics project!).

The reports are available as PDF documents from:

http://www.verizonbusiness.com/resources/security/databreachreport.pdf (the main report)

http://www.verizonbusiness.com/resources/security/databreachsuppwp.pdf (the supplemental report)