Title :
Standardizing Breach Incident Reporting: Introduction of a Key for Hierarchical Classification
Author :
Ayres, Lee T. ; Curtin, C. Matthew ; Ng, Thomas A.
Author_Institution :
Interhack Corp., Columbus, OH, USA
Abstract :
Organizations maintaining information want to understand how to protect it and to do so in a way that will be the most effective. In the US, most states have passed laws requiring notification of breaches, without specifying any particular requirements with respect to the cause-either root or proximate. In earlier research we proposed a hierarchical taxonomy by which we can classify breaches by proximate cause based on publicly available information that is both accurate and as precise as the data will allow. Our analysis showed statistically significant correlations between breach type and some industries. In the present work, we discuss the use of a key to improve consistency in the classification of breaches with our taxonomy. We find that the key achieves its objective of increasing consistent classification of breaches, but that challenges remain in the use of unstructured data apparently designed primarily to assure the public that no particular harm has come as a result of the breach.
Keywords :
information systems; security of data; breach incident reporting; hierarchical classification key; organizations; unstructured data; Collaborative work; Data engineering; Digital forensics; Information analysis; Information security; Law; Maintenance engineering; Protection; Standardization; Taxonomy; breach analysis; breach classification; data breach; security incident analysis;
Conference_Titel :
Systematic Approaches to Digital Forensic Engineering (SADFE), 2010 Fifth IEEE International Workshop on
Conference_Location :
Oakland, CA
Print_ISBN :
978-0-7695-4052-8
DOI :
10.1109/SADFE.2010.19
