7Safe UK Security Breach Investigations Report 2010

 Mogy
(@mogy)
Posts: 1
New Member
Topic starter
 

7Safe Cambridge, UK (26th January, 2010) - An analysis of actual data compromise cases has been released by Computer Security and Forensics consulting firm 7Safe and the University of Bedfordshire. Anonymised data has been analysed from over 60 computer forensic investigations undertaken by 7Safe in what makes for fascinating reading.

The UK Security Breach Investigations Report, supported by high profile organisations SOCA (Serious Organised Crime Agency) and the Metropolitan Police’s Police Central e-Crime Unit, is available in digital format free of charge from www.7Safe.com Breach Report

7Safe is a leading Computer Security and Forensics consulting firm offering a diverse portfolio of services in the fields of computer forensics, Incident Response, penetration testing, PCI DSS compliance and audit, eDiscovery / eDisclosure, and IT security training & certification.

To find out more, please visit 7Safe

Thanks

 
Posted : 28/01/2010 2:41 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

in what makes for fascinating reading.

It does make for some fascinating reading, thanks. :)

However, and with all due respect for the Authors, I can find in the report conclusions very little beyond the "normal common sense" that any IT managing a site/web resource managing sensitive data should already have or should have been taught the very first day of the "basic course" he should have attended (I am talking about the twelve requirements).

I am a bit perplexed by the contents of page 20. 😯

I have the impression that most people will simply look at the very nice chart :) stating that 36% of attacks came from Vietnam and 29% from U.S.A. and, completely avoiding reading the actual text, from which it is clear the absolute lack of connection between the pie and the actual origin of the attacks, draw "false" conclusions.

Since 62 is already a very small sample to draw statistical data from, and the number of cases where an actual trackback was performed (the exact number of which is not specified, but that is clearly a very small sub-set of the 62 cases total), I don't think that the data so well rendered graphically is anywhere near an actual representation of the provenance of the attacks.

Maybe the disclaimer about the chart only representing (mostly) just the last "hop" should be given more evidence, to avoid "speed readers" getting the "wrong" idea (that most of the "bad" guys are either in the US or in Vietnam instead of the only conclusion one can draw, which is IMHO that - for reasons unknown - servers or PCs in U.S.A. and Vietnam appear to be more easily accessible/exploitable).

jaclaz

 
Posted : 28/01/2010 3:47 pm