ABSTRACT
Many storage security breaches have recently been reported in the mass media as the direct result of new breach disclosure state laws across the United States (unfortunately, not internationally). In this paper, we provide an empirical analysis of disclosed storage security breaches for the period of 2005-2006. By processing raw data from the best available sources, we seek to understand the what, who, how, where, and when questions about storage security breaches so that others can build upon this evidence when developing best practices for preventing and mitigating storage breaches. While some policy formulation has already started in reaction to media reports (many without empirical analysis), this work provides initial empirical analysis upon which future empirical analysis and future policy decisions can be based.