Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Is the Bottom Line Impacted by Security Breaches?

from [Kenneth F. Belva] Network Security [Permanent Link]
Subject: Is the Bottom Line Impacted by Security Breaches?
Date: Wed, 28 Sep 2005 10:22:05 -0400 (EDT) 
White and Case, a top NYC law firm, posted a survey on Data Security
Breach Notifications on September 26, 2005.


From the press release: "Victims of personal data security breaches are

showing their displeasure by terminating relationships with the companies
that maintained their data, according to a new national survey sponsored
by global law firm White & Case. The independent survey of nearly 10,000
adults, conducted by the respected privacy research organization Ponemon
Institute, reveals that nearly 20 percent of respondents say they have
terminated a relationship with a company after being notified of a
security breach."

White and Case Press release:
http://www.whitecase.com/news/news_detail.aspx?newsid=11731&type=News%20Releases

White and Case Paper:
http://www.whitecase.com/files/tbl_s5107Materials/FileUpload5837/151/Security_Breach_Survey.pdf


My research takes a macro approach: "The keynote address will cover
reputational risk in light of recent disclosures of high profile security
incidents at such institutions as CitiFinancial (Citigroup), Bank of
America and Wachovia, Choicepoint, DSW Shoe Warehouse and Polo Ralph
Lauren. The presentation will create a framework for understanding
reputational risk in light of these recent events that may be applicable
to responding to future incidents."

In the paper I ask: "If 40 million customer credit card numbers are
exposed in a security breach at the credit card processor CardSystems, why
do a significant number of people not cancel their Visa and/or
Mastercard?"

Reputational Risk Keynote Presentation:
http://www.ftusecurity.com/pub/FiTechSummit_final_paper.pdf

I am concerned that the survey is self-selecting. In other words, the
people responding to the survey already have a disposition one way or the
other. Of 51,433 people, only 17.8% (9,154) replied. That means 82.2%
(42,279) did not reply!

I'm not a statistician; is 17.8% statistically significant to determine a
general consensus?

The papers may not be directly contradictory to one another. Please keep
that in mind.

I would be interested to know other's opinions on the matter.

Sincerely,
Kenneth F. Belva, CISSP
http://www.ftusecurity.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Is the Bottom Line Impacted by Security Breaches?, Kenneth F. Belva <=
Previous by Date:  Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Amit Klein (AKsecurity)
Next by Date:  [Full-disclosure] OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability, please_reply_to_security
Previous by Thread:  Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities, Joxean Guay del Paraguay
Next by Thread:  [Full-disclosure] OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability, please_reply_to_security
Indexes:  [Date] [Thread] [Top] [All Lists]