
Highlights from the Verizon 2010 Data Breach Investigations Report

By Sean Martin  |  Posted 07-30-2010
  • The DBIR series now spans six years, 900+ breaches, and over 900 million compromised records
  • The current dataset contains 141 confirmed breach cases worked by Verizon and the USSS in 2009
  • Organizations with 101 - 10,000 employees were targets of nearly half (49%) of all breaches
  • 86% of victims had evidence of the breach in their log files
  • 96% of breaches were avoidable through simple or intermediate controls
  • 79% of victims subject to PCI DSS had not achieved compliance

In addition to being proactive in risk and security management, organizations can benchmark their data against that of other organizations to generate comparative results and measure themselves against other firms. To implement a successful risk management program, an organization's best bet is to set aside faith by collecting as many datasets as possible and analyzing the collected data against its own metrics to identify trends and patterns. In addition to its own analysis, the organization should consider sharing the information with a trusted risk and incident analysis community leader, such as Verizon Business, thereby incorporating the community-based findings into its ongoing information analysis and incident response activities.

Sean Martin, CISSP, is founder of imsmartin consulting. He can be reached at sean@imsmartinc.com.

