OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Dataloss] An amazing use of DLDOS

From: George Toft (georgemyitaz.com)
Date: Wed Sep 06 2006 - 12:24:03 CDT


What would also make the database really useful for research is if we
could categorize the primary (and secondary) causes of the loss. For
example:
pri_cause - laptop theft
sec_cause - policy violation

What is important to me as I make presentations are the percentages of
dataloss relating to stolen laptops or burglaries. Institutions
involved come up as well.

Nice to have would be the category of businesses affected (Government,
University, Medical, Financial) and perhaps the regulations affecting
the data loser (HIPAA, GLBA, FACTA, SOX, or State Legislation). Some of
this is obvious, some requires research.

George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067

Confidential data protection experts for the financial industry.

Chris Walsh wrote:
> Nice.
>
> These records need a unique identifier to facilitate linkage of information
> from other tables.
>
> For example, I have:
>
> address
> stock symbol
> exchange
> NAIC industry code
> Date of actual breach
> Date of breach discovery
> Links to primary sources (NY state reporting forms, notice letters)
>
> for many of these.
>
> Perhaps you can backfill a unique identifier into the CSV file for now,
> and when future records are added, they can look like this:
>
> CWALSH-MMDDYYYY-nnn
>
> This way, you will not have any collisions
> (unless another C. Walsh comes along), and you will not need to pre-assign
> blocks of numbers to anyone who wishes to report. Should John Smith and
> Jim Smith both decide to get into the act, then perhaps the dreaded "jsmith02"
> solution can be adopted.
>
> If someone objects to a tag like 'cwalsh' going into the db, then
> they would need to say so. Presumably, a privacy-conscious group like
> this will be able to work through the issue.
>
> This is all off the top of my head as far as the implementation, but I have
> thought at some length about the need for an identifier.
>
> Thoughts?
>
> Chris
>
> P.S. I love how these guys write something spiffy in 3 days. I am eager
> to see what can be done with an "expanded" DB. I "know", for example, that
> Google Maps could be used to great effect with this information. If I could
> code my way out of a wet paper bag, I'd be on the case.
>
>
> On Tue, Sep 05, 2006 at 08:19:40PM -0400, lyger wrote:
>
>>Our friends at mailerblog.com have applied attrition.org's Data Loss
>>Database - Open Source in quite a cool way:
>>
>>http://www.mailerblog.com/dataloss/dataloss.php
>>
>>If anyone else has any ideas, the raw data can be found here:
>>
>>http://attrition.org/dataloss/dataloss.csv
>>_______________________________________________
>>Dataloss Mailing List (datalossattrition.org)
>>http://attrition.org/dataloss
>>Tracking more than 143 million compromised records in 337 incidents over 6 years.
>>
>
> _______________________________________________
> Dataloss Mailing List (datalossattrition.org)
> http://attrition.org/dataloss
> Tracking more than 143 million compromised records in 337 incidents over 6 years.
>
>
>
>
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 143 million compromised records in 337 incidents over 6 years.