From: Sasha Romanosky (sromanosandrew.cmu.edu)
Date: Tue Apr 06 2010 - 12:29:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI,

While nicely packaged, I don't see any new information here, esp. regarding
costs of breaches (they just cite ponemon).

> -----Original Message-----
> From: dataloss-discuss-bouncesdatalossdb.org
> [mailto:dataloss-discuss-bouncesdatalossdb.org] On Behalf Of
> Jake Kouns
> Sent: Sunday, April 04, 2010 8:43 PM
> To: dataloss-discussdatalossdb.org; datalossdatalossdb.org
> Subject: [Dataloss-discuss] Guide puts a price tag on
> security breaches
>
> http://www.nextgov.com/nextgov/ng_20100331_6223.php
>
> BY ALIYA STERNSTEIN 03/31/2010
>
> Public and private sector chief financial officers should
> develop a budget that calculates the gross financial risk a
> security breach could pose to their organization, according
> to a new report from a U.S. standards body and a security
> trade association.
>
> The 76-page guide comes in response to a 60-day White House
> review last year of the nation's cybersecurity infrastructure
> that found quantifying the value of protection motivates
> organizations to address vulnerabilities. The document --
> written by the American National Standards Institute and the
> Internet Security Alliance, a nonprofit electronic industry
> group that is affiliated with Carnegie Mellon University --
> assigns dollar figures to information losses and advises CFOs
> on the financial management of cyber risk.
>
> The instructions apply both to federal and corporate CFOs,
> said Karen Hughes, ANSI's director of homeland security standards.
>
> "The overarching message this document puts forward is that
> the single biggest threat to cybersecurity is
> misunderstanding," she said. "CFOs from the public and
> private sectors alike must look at cybersecurity as an
> enterprise- [and] agency-wide issue and not just an IT issue,
> to ultimately reduce vulnerabilities to cyberattacks and
> their financial implications."
>
> The handbook is based on the premise that companies today,
> most of which depend on the Internet to survive, have
> relegated data security to an isolated, and often underfunded, unit.
>
> The publication estimates a data breach of 10,000 records
> containing personal identification information would cost
> about $1.6 million, assuming the company carried breach
> insurance with an 80 percent coverage of direct costs. That
> sum includes direct expenses for investigations and
> forensics, consulting services, notification of affected
> individuals, public relations, legal defense, and credit and
> identity monitoring -- as well as the indirect cost of lost business.
> The handbook cites several analytical models to help chiefs
> assess costs and benefits.
>
> [..]
> _______________________________________________
> Dataloss-discuss Mailing List
> (dataloss-discussdatalossdb.org) Archived at
> http://seclists.org/dataloss/
>
> Get business, compliance, IT and security staff on the same
> page with CREDANT Technologies: The Shortcut Guide to
> Understanding Data Protection from Four Critical
> Perspectives. The eBook begins with considerations important
> to executives and business leaders.
> http://www.credant.com/campaigns/ebook-chpt-one-web.php
>
>

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]