ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A statistical analysis of disclosed storage security breaches
Full text PdfPdf (422 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the second ACM workshop on Storage security and survivability table of contents
Alexandria, Virginia, USA
SESSION: Studies and surveys table of contents
Pages: 1 - 8  
Year of Publication: 2006
ISBN:1-59593-552-5
Authors
Ragib Hasan  University of Illinois at Urbana-Champaign
William Yurcik  University of Illinois at Urbana-Champaign
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 114,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1179559.1179561
What is a DOI?

ABSTRACT

Many storage security breaches have recently been reported in the mass media as the direct result of new breach disclosure state laws across the United States (unfortunately, not internationally). In this paper, we provide an empirical analysis of disclosed storage security breaches for the period of 2005-2006. By processing raw data from the best available sources, we seek to understand the what, who, how, where, and when questions about storage security breaches so that others can build upon this evidence when developing best practices for preventing and mitigating storage breaches. While some policy formulation has already started in reaction to media reports (many without empirical analysis), this work provides initial empirical analysis upon which future empirical analysis and future policy decisions can be based.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
A chronology of data breaches reported since the choicepoint incident (list). Privacy Rights Clearinghouse http://www.privacyrights.org/ar/ChronDataBreaches.htm.
 
2
Dataloss mailing list. Attrition.org http://attrition.org/security/dataloss.html.
 
3
Entities that suffered large personal data incidents (list). Attrition.org http://attrition.org/errata/dataloss.
 
4
Recommended practices on notice of security breach involving personal information. State of California Department of Consumer Affairs/Office of Privacy Protection, April 2006.
 
5
A. Acquisti, A. Friedman, and R. Telang. Is there a cost to privacy breaches? an event study. In Workshop on the Economics of Information Security (WEIS), 2006.
 
6
C. Conkey. Identity theft: Shielding yourself. July 14, 2006.
7
Ragib Hasan , Suvda Myagmar , Adam J. Lee , William Yurcik, Toward a threat model for storage systems, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1103780.1103795]
 
8
M. Hines. Data losses may spark lawsuits. In eWeek, June 12, 2006.
 
9
P. Mueller. How to survive data breach laws. Network Computing, June 8, 2006.
10
Bruce Schneier, Risks of third-party data, Communications of the ACM, v.48 n.5, May 2005  [doi>10.1145/1060710.1060744]
 
11
R. Tehan. Personal Data Security Breaches: Context and Incident Summaries. In Congressional Research Service Report for Congress, December 16, 2005.

CITED BY  2
Pieter H. Hartel , Leon Abelmann , Mohammed G. Khatib, Towards tamper-evident storage on patterned media, Proceedings of the 6th USENIX Conference on File and Storage Technologies, p.1-14, February 26-29, 2008, San Jose, California
Ragib Hasan , Radu Sion , Marianne Winslett, Introducing secure provenance: problems and challenges, Proceedings of the 2007 ACM workshop on Storage security and survivability, October 29-29, 2007, Alexandria, Virginia, USA

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.2 Storage Management

  H. Information Systems
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.4 Systems and Software


General Terms:
Economics, Legal Aspects, Security


Keywords:
breach disclosure laws, security breaches, storage security

Collaborative Colleagues:
Ragib Hasan: colleagues
William Yurcik: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player