
Unknown Unknowns



This morning I was reviewing a data breach study done by Verizon Business. There is a lot of excellent data there, and I would encourage all of you to check it out when you have a chance.

There were many interesting statistics reported, but a couple of the more interesting to me were:
  • 42% of data breaches occur from either the database server (30%) or application server (12%). However, 94% of data records breached are from these sources (75% and 19% respectively).
  • 67% of records compromised were data that companies didn’t know they had. They didn’t even know they had it!

According to Verizon Business, “unknown unknowns” are any of the following:
  • A system unknown to the organization (or business group affected)
  • A system storing data that the organization did not know existed on that system
  • A system that had unknown network connections or accessibility
  • A system that had unknown accounts or privileges

The timing is interesting, because Teamstudio has a webinar this week (Wednesday, 2:00 pm ET) called Stretching Your Domino Dollars. Although the primary focus of this webinar is to help you identify ways you can reduce IT costs, many of these tactics also serve to reduce company risks, especially as they relate to unknown unknowns. Of course, if you cannot make the live event, the webinar will be available on demand. Just check out the events page on our website for availability.

    Scott

    Comments

    1 - In the realm of risk, unmanaged possibilities become probabilities: These data breaches and thefts are due to a lagging business culture. As CIO, I'm always looking for ways to help my team, business teams, and ad hoc measures of various vendors, contractors and internal team members. A book that is required reading (specific chapters, depending on nature of projects) is "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It has a great chapter regarding security (among others).

    We keep a few copies kicking around - it would be a bit much to expect outside agencies to purchase it on our say-so. But, particularly when entertaining bids for projects, we ask potential solutions partners to review relevant parts of the book, and it ensures that these agencies understand our values and practices.

    The author, David Scott, has an interview here that is a great exposure: { Link }

    The book came to us as a tip from one of our interns who attended a course at University of Wisconsin, where the book is in use; I like to pass along things that work, in the hope that good ideas continue to make their way to me. I hope you can make use of this info...

    2 - John - After reading the David Scott interview, I'm very interested in learning more. This looks to be an excellent source for learning more about managing risk. Thanks for the tip.
