A tweet by @jack_daniel reminded me of a graphic used (on slide 6, I now am reminded) of a presentation I delivered at the 2007 FIRST conference. Turns out that that while I had blogged about the presentation and made it available for download, the link is dead because I decommissioned the server. I wrote at the time, the main takeaways were intended to be:
That with the availability of breach reports direct from states with central reporting, such as New York, it is possible to measure part of our ignorance when we rely solely on published breach reports — even the best available sources (such as
Attrition’s DLDOSDataLossDB) undercount breaches dramatically, and are biased toward larger incidents. That we are still at the leading edge of an explosion of information, and that we should not draw hasty conclusions until more facts are in. That, as Emil Faber might put it, “Knowledge is Good” and is not that painful to provide. And finally, primary materials such as breach reports are useful artifacts not only because they tell us dry facts in a standardized format (but that IS nice), but also because the notices themselves are interesting evidence of how firms talk to their customers about a difficult topic.
Here’s a PDF of the presentation(along with my speaker notes).