The security data and survey directory
Security data. Everybody needs it. Lots of companies and organizations are producing it. Here's where to find it.
Data Security and Data Breaches
Data Breach Investigations Report
Conducted by: The Verizon RISK Team in cooperation with the U.S. Secret Service.
Sponsored by: Unsponsored
Origin of data: The primary dataset in 2010 analyzed in this report contains the 141 confirmed breach cases worked by Verizon (57) and the USSS (84) in 2009.
Survey examines origins and frequency of breaches, who caused them and what they have in common. Latest report is 2011.
Analysis: 5 years of data breaches published 2010; PDF link at bottom of page
Conducted by: Digital Forensics Association
Origin of data: Study of 2,800 data loss incidents from public sources. Laptop thefts the most common source of loss; in cases of insider involvement, accidental loss more common.
Securosis 2010 Data Security Survey
Conducted by: Securosis, L.L.C.
Sponsored by: Imperva
Number of respondents: 1,176
Roughly half of responding organizations have some form of data security controls deployed; e-mail filtering was listed as the most common control and also the least effective. While 88 percent of respondents must meet at least one regulatory requirement, "to improve security" was the most common driver for adding data security controls.
Application Security: It's a Case of Good News/Bad News
Conducted by: BankInfoSecurity.com
Sponsored by: Unsponsored
Number of respondents: More than 100 banking/security leaders from financial institutions of all sizes.
Note: Registration required for full results.
Survey gauges perceived strength of financial institutions' application security programs; 81 percent are only somewhat or not at all confident in the security of third-party applications.
Federal Cyber Security Outlook for 2010 Survey
Conducted by: Ernst & Young
Sponsored by: Unsponsored
Number of respondents: Nearly 1,900 organizations worldwide across all major industries.
12th annual survey finds forty-one percent of respondents reported increased internal attacks while 25 percent saw a rise in internal attacks; 50 percent plan to spend more this year to improve information security risk management.
2010 HIMSS Analytics Report: Security of Patient Data
Conducted by: HIMSS Analytics
Sponsored by: Kroll Fraud Solutions
Number of respondents: 250 senior information technology (IT) executives, Chief Security Officers and Health Information Management (HIM) Directors/Managers, Compliance Officers and Privacy Officers.
A study on the shift to electronic health records (EHRs) over the next several years highlights the inability of healthcare providers to adequately secure data—even in the face of increased regulation of the HIPAA and HITECH acts.
Registration required
Employees Put Personal Security, Interests Above Company's
Conducted by: Trend Micro
Sponsored by: Unsponsored
Number of respondents: 1,600 end users in the U.S., U.K., Germany and Japan.
Survey examines employees' unsanctioned use of corporate networks and tools. About half of respondents admitted leaking confidential data through a Web mail account; 60 percent of mobile workers and 44 percent of stationary workers also admitted to having done so through IM or social media applications.
Outbound Email and Data Loss Prevention in Today's Enterprise, 2010
Conducted by: Osterman
Sponsored by: Proofpoint
Number of respondents: 261 responses from companies with 1,000 or more employees.
Note: Registration required
Managing the risks of outbound e-mail, blog postings, social media, mobile devices, etc. is the focus of this survey. One quarter of U.S. companies investigated the leakage of confidential, sensitive or private information via a blog or message board posting; 24 percent disciplined an employee for such a breach in the last year. One fifth investigated a similar breach involving a social networking site.
Business Risk of a Lost Laptop: A Study of U.S. IT Practitioners
Conducted by: Ponemon Institute LLC
Sponsored by: Dell Corporation
Number of respondents: 714 IT and IT security practitioners with an average of almost 7.5 years of domain-specific experience.
2009 study looks at the business risk of poor laptop security. Sixty-five percent of respondents say the number of lost or stolen laptops is up from previous years; 75 percent say they know of an incident in their organization where sensitive or confidential data was at risk because of a lost or stolen laptop computer.
60 Percent of Facebook Users Consider Quitting over Privacy
Conducted by: Sophos
Sponsored by: Unsponsored
Number of respondents: 1,588 Facebook users.
Concerns over privacy settings and sharing private information have prompted nearly two thirds of Facebook users to consider leaving the social networking service and 16 percent more say they have already stopped.
2009 Annual Study: Cost of a Data Breach
Conducted by: Ponemon Institute LLC
Sponsored by: PGP Corporation
Number of respondents: 45 organizations from 15 different industry sectors.
Survey released in January 2010 reports that, contrary to what many believe, the overall cost of data breaches is increasing, though slowly (up 2 percent over 2008). It also found that breaches caused by malicious attackers or botnets cost 40 percent more than those caused by negligence or a system problem.
Password Security Survey 2009
Conducted by: ElcomSoft
Sponsored by: Unsponsored
Number of respondents: About 1,000 security and IT professionals from more than 70 countries.
Up to 77 percent of computer users use a single password to access multiple applications and websites. It also examines password reuse for multiple accounts, passwords written down and use of weak passwords.
Cloud Computing A Transformative Technology with Financial Benefits; Security Concerns, Too: Deloitte Poll
Conducted by: Deloitte
Sponsored by: Unsponsored
Number of respondents: More than 750 technology executives ranging from upper management to consultant across multiple industries.
A 2009 webcast-based poll found 60 percent of executives believe cloud computing will benefit enterprise services but 35 percent remain concerned about security and privacy.
The Cost of a Lost Laptop
Conducted by: Ponemon Institute LLC
Sponsored by: Intel Corporation
Number of respondents: N/A
The 2009 study examined 138 cases involving laptop computers lost by an employee, a temporary worker or contractor. Based on replacement cost, lost intellectual property and other factors, the average value is an estimated $49,246. In cases examined by the study, 80 percent of that cost was attributed to lost intellectual property.
Why Encrypt? Federal File Transfer Report
Conducted by: MeriTalk
Sponsored by: Axway
Number of respondents: 200 Federal IT and information security professionals.
Note: Registration required.
Comprehensive 2010 survey examines data security at federal agencies. It finds that more than half of employees use personal email, CDs, DVDs, FTP, and USB drives to transfer business files despite known risks. Sixty-two percent of respondents said file transfer security is a top priority, and 80 percent call their agency's secure file transfer policies adequate but only 58 percent say employees are aware of those policies.
Airport Insecurity: The Case of Lost Laptops
Conducted by: Ponemon Institute
Sponsored by: Dell
Number of respondents: 864 business air travelers in the U.S.
2008 survey reports that, on average, 12,255 laptops go missing at U.S. airports each week and 42 percent don't back up the data in their laptop computers. Only one-third of those turned into airport Lost and Found departments are ever reclaimed.
Security of Paper Documents in the Workplace
Conducted by: Ponemon Institute
Sponsored by: Alliance for Secure Business Information
Number of respondents: 819 individuals who work in IT operations, IT security, data protection and compliance in large organizations in a variety of industries.
This 2008 study appears to stand the test of time and has not been replaced by more current research. Eighty percent of respondents said they had one or more data breaches in the past 12 months; of those, 49 percent said one or more of the breaches involved the loss or theft of paper documents. Seventy-one percent of respondents acknowledge an incident in which sensitive or confidential paper documents were lost or misplaced in their organizations.
Software and Application Security
The Building Security In Maturity Model (BSIMM)
Respondents: 30 organizations engaged in large-scale software development.
A survey-based benchmarking study on software security.
Registration required.
Application Security: It's a Case of Good News/Bad News
Conducted by: BankInfoSecurity.com
Sponsored by: Unsponsored
Number of respondents: More than 100 banking/security leaders from financial institutions of all sizes.
Survey gauges perceived strength of financial institutions' application security programs; 81 percent are only somewhat or not at all confident in the security of third-party applications.
Registration required.
WhiteHat Website Security Statistics Report
Methodology: Through managed monitoring services, analysis of more than 2,000 websites from 350 client organizations
Fall 2010 highlights: Large organizations more likely to have serious vulnerabilities.
Veracode State of Software Security
"Intelligence gleaned from analyzing billions of lines of code submitted to Veracode for independent verification of software security from more than 15 industries".