http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3523 Iang Thu, 19 Apr 2007 17:56:26 +0000 http://emergentchaos.com/?p=2321#comment-3523 On digging a hole for oneself with data: Here's some <a href="http://www.optimizemag.com/showArticle.jhtml?articleId=199100718" rel="nofollow">commentary on costs</a> at a per record level. Snippets on <a href="https://financialcryptography.com/mt/archives/000886.html" rel="nofollow">FC</a> of course. On digging a hole for oneself with data: Here’s some commentary on costs at a per record level. Snippets on FC of course.

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3522 Iang Tue, 17 Apr 2007 12:14:56 +0000 http://emergentchaos.com/?p=2321#comment-3522 I forget the precise details, but as it is explained to me, under the European Data Directive, it's either a 25k euros fine or a 50k euro fine for each individual PII that is lost. In simple terms: lose your database, file for bankruptcy. (I should check the details though...) I forget the precise details, but as it is explained to me, under the European Data Directive, it’s either a 25k euros fine or a 50k euro fine for each individual PII that is lost.
In simple terms: lose your database, file for bankruptcy.
(I should check the details though…)

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3521 Chris Tue, 17 Apr 2007 10:59:23 +0000 http://emergentchaos.com/?p=2321#comment-3521 Iang: What is the reasoning behind: "The money lost for a European compromise of PII by an external hacker is much higher again"? Iang:
What is the reasoning behind: “The money lost for a European compromise of PII by an external hacker is much higher again”?

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3520 Iang Tue, 17 Apr 2007 04:13:32 +0000 http://emergentchaos.com/?p=2321#comment-3520 Imagine you have nailed the insider/outsider question, solid. Say, 67.4% versus 32.1% and some spillage. So what? Generally, all questions reduce to money: where do I lose money. Only in the context of how much money is lost by the threats does any question make sense. I would suggest that the money lost according to each American PII set that is compromised by an external hacker is in a tiny infinitesimal region ... and the loss from insider compromises much higher. (But I have no data to back that up!) (The money lost for a European compromise of PII by an external hacker is much higher again, so the analysis changes depending on where you are.) Imagine you have nailed the insider/outsider question, solid. Say, 67.4% versus 32.1% and some spillage.
So what?
Generally, all questions reduce to money: where do I lose money. Only in the context of how much money is lost by the threats does any question make sense.
I would suggest that the money lost according to each American PII set that is compromised by an external hacker is in a tiny infinitesimal region … and the loss from insider compromises much higher. (But I have no data to back that up!)
(The money lost for a European compromise of PII by an external hacker is much higher again, so the analysis changes depending on where you are.)

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3519 John Moore Mon, 16 Apr 2007 01:12:38 +0000 http://emergentchaos.com/?p=2321#comment-3519 Self-inflicted wounds can be the most deadly, unfortunately. There's always a balancing act between convenience and security/privacy and usually convenience wins (at least in business and academia). Until security is built in by design, rather than as an afterthought, gaffes that lead to compromises and data breaches will continue. Network security will evolve one way or another. Perhaps users will become smarter and more security savvy. Who knows what the future holds? Self-inflicted wounds can be the most deadly, unfortunately. There’s always a balancing act between convenience and security/privacy and usually convenience wins (at least in business and academia). Until security is built in by design, rather than as an afterthought, gaffes that lead to compromises and data breaches will continue. Network security will evolve one way or another. Perhaps users will become smarter and more security savvy. Who knows what the future holds?

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3518 Adam Mon, 16 Apr 2007 00:08:06 +0000 http://emergentchaos.com/?p=2321#comment-3518 Pete, It's about being able to settle this debate. How the data gets used is secondary. Pete,
It’s about being able to settle this debate. How the data gets used is secondary.

]]> http://emergentchaos.com/archives/2007/04/bejtlich-gets-it-its-about-empiricism.html/comment-page-1#comment-3517 Pete Sun, 15 Apr 2007 23:34:18 +0000 http://emergentchaos.com/?p=2321#comment-3517 Are you assuming that you should care about insider/outsider due to the techniques they might use, the potential access points on the network, or the fact that they might have some enhanced knowledge of systems/data/information? Are you assuming that you should care about insider/outsider due to the techniques they might use, the potential access points on the network, or the fact that they might have some enhanced knowledge of systems/data/information?

]]>