[Owasp-cincinnati] Addressing security in the workplace

Marco M. Morana marco.m.morana at gmail.com
Tue Oct 6 22:05:36 EDT 2009


Well, there is really no agreement across the map on how much is insider
threat compared with outside.

 

The Verizon study, for example, reports that only 20% of breaches were caused by
insiders

http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

 

The ITRC study reports 15.7% in 2008 and 18% in 2009

http://www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml

http://www.idtheftcenter.org/artman2/uploads/1/ITRC_Breach_Stats_-_Insider_Theft_Summary_20090930.pdf

 

The 80% comes from quoting a 17-year-old study from the FBI

http://taosecurity.blogspot.com/2009/05/insider-threat-myth-documentation.html

 

The 2007 e-Crime survey reports 49% in 2007, in a declining trend, but that
was before we had the economy in depression

http://www.cert.org/insider_threat/

 

According to datalossdb.org, inside accounts overall for 30% of attack
vectors, with 65% from outside and 5% unknown

http://datalossdb.org/statistics

 

Regards

 

Marco

From: owasp-cincinnati-bounces at lists.owasp.org
[mailto:owasp-cincinnati-bounces at lists.owasp.org] On Behalf Of Brad Gardner
Sent: Tuesday, October 06, 2009 10:43 AM
To: owasp-cincinnati at lists.owasp.org
Subject: Re: [Owasp-cincinnati] Addressing security in the workplace

 

Thanks Sachin and James for the replies.  We are responding to an RFP for a
large project that will sit inside of a large network.  The comments and
resources will certainly help make the case for making security a higher
priority when speaking with the administrative folks that are putting
together the proposal.

Thanks again for the input!

Brad Gardner
Mailto: bgardner87 at gmail.com 

 

On Tue, Oct 6, 2009 at 10:25 AM, Sachin Pawaskar <Sachin at skipjack.com>
wrote:

The article below will help your case as well..

 

http://www.darkreading.com/insiderthreat/security/government/showArticle.jhtml;jsessionid=BF0TBMACFD5XNQE1GHPCKH4ATMY32JVN?articleID=220301087

 

 

From: Sachin Pawaskar 
Sent: Tuesday, October 06, 2009 10:08 AM
To: 'bgardner87 at gmail.com'
Subject: FW: [Owasp-cincinnati] Addressing security in the workplace

 

See if the attached helps..

 

From: owasp-cincinnati-bounces at lists.owasp.org
[mailto:owasp-cincinnati-bounces at lists.owasp.org] On Behalf Of Brad Gardner
Sent: Tuesday, October 06, 2009 9:56 AM
To: owasp-cincinnati at lists.owasp.org
Subject: [Owasp-cincinnati] Addressing security in the workplace

 

I was hoping that someone could point me to a few resources.  One of the
common thought processes that I am seeing at work has become "This
application is strictly internal, so we don't need to worry about security".
I know that security inside the perimeter should be of significant concern,
and have found some tech talks and ebooks that suggest up to 80% of attacks
come from inside the corporate network.  Is this an accurate number?
Furthermore, if anyone has any thoughts or resources to share on this
subject, and particularly strategies for eliminating this mindset in the
workplace, I would be very interested to hear them.

Thanks,

Brad Gardner
Mailto: bgardner87 at gmail.com 

 

 
