In its fourth annual study on data breaches, the Ponemon Institute examined the costs of 43 companies that had been hit by a data breach. The study found, not surprisingly, that the cost per record breached had risen (actual numbers coming up).
I have always thought it ironic that one of the biggest obstacles to getting organizations to take action on issues of data privacy and security is a lack of data, namely data about what a security failure might cost. If known, that cost can then be weighed against the cost of putting security measures in place.
After all, Adam and Eve did not cover their bodies in the garden of Eden; likewise, organizations operating in crime-free utopias have no need to spend money to protect against data exposures. In the real world, however, it is sad but true that a certain percentage of people are not sufficiently constrained by either personal ethics or a fear of consequences and go about stealing data for personal gain.
Thus the need for security spending to avoid the costs, which are now averaging over $200 per record. So, next time you read a story about some bank or retailer exposing thousands of records, you can just multiply by $200 to figure the hit they have just taken.
This study is more good work by Larry Ponemon and the Ponemon Institute. Consistently reliable data over time is particularly useful. For example, if you read up on all the data breaches that have been happening you might have formed the impression that more of them are now coming from third parties, i.e. people who process customer data for retailers, banks, etc. And the survey shows that yes, third party data breaches were reported by more organizations in 2008 than in 2005 (21% then, 44% now). Less predictable perhaps is the finding that third party data breaches are more expensive, $231 per compromised record versus an overall average of $202.
As you might expect, breaches experienced by data loss "virgins" are more costly, $243 versus $192 for "experienced" companies, sardonically referred to as "repeat data screw-ups" by Larry Dignan in the TechRepublic blog post referenced at the beginning of this post. What surprised and saddened me is that more than 84% of all cases examined by Larry Ponemon's team were repeat data breach offenders.
Sadly, until there is an uptick in the general standards of human behavior, things are likely to carry on like this. Data entrusted to the feckless will be exposed by the lawless, innocent lives will be disrupted, money will be lost, and the cost to defend against miscreants will mount.
Blog Backlog: Computer Security Handbook 5th Edition Launches
I got a nice nod last week from Norwich University in an article about Wiley's soon to be launched 2,000 page behemoth: "Computer Security Handbook, 5th Edition."
It turns out that 37 of the 80 chapters are by people with Norwich connections. That includes me (Chapters 4, 7, 15, 20) and Chey (Chapters 15, 41, 73).
Although I got interviewed for the article, to highlight cooperation between Norwich professors and students, I kind of wish they had also mentioned Chey. She wrote a lot of the curriculum material for the original Master of Science in Information Assurance at Norwich. And I think she and I are the only couple to work together on a chapter in the new opus (Chapter 15: Penetrating Computer Systems and Networks, also with Mich Kabay).
On the whole, David Corriveau did a good job with the article. Hopefully, my comments conveyed the fact that Mich Kabay should get the credit for my collaboration with Corinne LeFrançois at the NSA. It was a classic electronic encounter. Pure email, we never met in person. (It is worth noting that I also met Mich online, about twenty years ago, while I was living in Scotland and he was living in Montreal. That was back in the days of CompuServe.)
Mich is the thread that runs through all of this, the MSIA program and the Computer Security Handbook, both CSH4 and CSH5. And with that, we wish the best of luck to "Computer Security Handbook 5th Edition" and all who sail in her!
Blog Backlog: A shout out to the frozen ones
Author's note: I feel passionately about this topic, so the language below is a bit edgy. However, revisiting this page seven years later it strikes me that my anger is still justified. I still haven't heard a socially responsible reason for not putting power lines underground, where they belong. I first wrote this while living in a rural area, but vast swathes of urban and suburban America still rely on exposed power lines strung between poles. Later when we moved to San Diego I read about that city's plan to put all utility lines underground. Why don't more cities do this?
Anyway, here's what I wrote in the winter of oh nine: Did the blogosphere or the wider economy register a dip in activity last week due to people not blogging because the power was out due to freezing rain? (I suspect tweeting from smartphones picked up the slack for some, at least while the batteries lasted.)
One headline said a million homes were without power. That's sad. And it is tough for all affected. But what really struck me about last week was the UTTER STUPIDITY OF DOWNED POWER LINES.
A million homes without power? Come on America, we can do better than that. Scores of deaths due to mistakes with make-do heating arrangements? Why? Because collectively speaking our country is too greedy/dumb/short-sighted to bury the power lines.
I'm not saying I'm angry about this, but I'm about ready to slap the first person who says "It costs too much." Compared to WHAT? The lives lost? The money wasted? The huge cost of repairs? The lost votes of utility workers who will have to be retrained when we bury the lines?
And don't dare say "It can't be done." There are thousands of farms in North Dakota that never lose power in an ice storm. Why? Their lines were buried decades ago thanks to co-ops and the Rural Electrification Act (click that link and you can see FDR signing it).
Now is the time to tell non-cooperative utility companies to dig in or give in. Their right to run lines through our towns and villages can be revoked. There is no technical reason this cannot be done. Imagine what the news of the future could be:
"Worst ice storm in history, few lose power, no deaths reported, business as usual for most."
I don't presume to know exactly why the lines are not buried. Is it really because line-persons have a strong lobby? What I do know is that whole swathes of commercial and residential development in Northern Virginia have zero overhead lines because of zoning. Having lived there for a while it was weird to hear the news reports of massive outages in neighboring areas due to wind or ice while our power flowed uninterrupted.
So, if you happen to know anyone in the new administration, please pass along the idea that life doesn't have to be this way, hanging by a thread that ice might break. Bury the lines and boost the economy while saving lives. What could be better than that?
Notes:
- The recent power outages were the worst in Kentucky history. HughesNet has a NOC in Kentucky. Maybe that's why their DNS is foobar and my blog was blocked so I couldn't post this about 3 days ago.
- The photo above is ice at the entrance to an ice cave in a glacier in Iceland. Why use that? We have no frozen power lines to photograph on our property--the man who built the place was smart, he buried them.
From Warm Engine to Hot Laptop: Saturdays now and then
So, I spent this Saturday fixing things. First there was the font problem with my blog, a classic case of a web site looking fine in every browser but Internet Explorer. I finally cracked the right code in the css file to get it to look right in IE as well as the other browsers (change font size from 60% to 10pix).
Then there was the problem of actually getting to my web site, which has been "off the radar" lately where radar = surfing on a HughesNet satellite connection. I am writing this post by running Anonymizer and routing my browser through their servers because Hughes obviously has a serious DNS problem that I am not going to solve by calling their tech support folks in India. All of which got me thinking about how my Dad spent his Saturday mornings...
Hacking My Way to My Own Blog: Anonymously
Well, I'm back...after 4 days of being kept from my own web site by my ISP, the increasingly notorious HughesNet, about which I have written before. In fact, I still can't surf to my blog, unless I use a proxy server and bypass the HughesNet DNS.
So I am running Anonymizer, a very clever program that lets you surf the web without revealing your IP address. The program does this by routing your browser's requests to visit a web site, like my blog, through its own DNS servers, thereby avoiding, in my case, the apparently foobar DNS at HughesNet. There are other ways of doing this, like surfing via anonymouse.org, but they tend to flash ads on the screen to pay for their service. Alternatively, you can buy a subscription. What I'm doing right now is using a 7-day free trial of Anonymizer.
Let me make this clear: I am using a 7-day free trial of Anonymizer so I can get to my own web site. I have not called HughesNet about this problem (calls to HughesNet support should be avoided by people with high blood pressure according to my reading of the Hughes forum on DSLReports). In a few days I am headed down to the Monetate office in Conshohocken for a week. I know I can reach my blog from there. When I get back I will see if the problem has gone away.
p.s. So far I am liking Anonymizer. It has a simple interface for turning the service on and off and it manages to do this without disrupting browser sessions.
Moving Mountains
Recently I made a comment on Twitter about my wife moving mountains. Figured I better post some evidence to back that up.
Here she is moving a mountain of snow from our yard. That's a 400cc Arctic Cat 4 wheel drive ATV that Chey is wrangling, without the benefit of power steering. It's locked in Low with chains on the rear tires and a Warn plow on the front.
Who would have thought, back when we met, nearly a quarter of a century ago, sipping cappuccino in a North Beach coffee shop, that we would one day find ourselves living on the side of an 'almost mountain' and one of us would be really good at snow plowing. Of course, I should have got a hint when one of us took up off-road desert racing and entered one of the toughest races in the world. Only later did I find out the reason she got a good deal on the dune buggy she put together for this: It had been in the race the year before and did about four somersaults when it hit a rock and left the track. The driver walked away, so I guess it was a good deal. Anyway, here it is in action, smoking another buggy off the line at the start of the Finke Desert Race 2000. Click, if you like, for a very short video with really bad sound.
Top Gear's Clarkson Faces Head Gear Challenge
ROSEBOOM, N.Y., Jan. 22 /Newzwire/ -- Known for being over-the-top in deed and word, Jeremy Clarkson, presenter of the BBC hit series "Top Gear" may be facing a challenge for the 'top spot' when it comes to winter head gear.
Clarkson, seen in the top half of the image on the left, famously wore an elaborate fur hat for a recent cold weather motoring adventure.
But spy photos of a recently spotted winter head gear classic are now appearing (see bottom half of image on left) which may lay claim to the top-head-gear crown.
Described by one millinery aficionado as "a classic, full of the elegance that comes from simple lines and the very best in raw materials," this design is beautifully executed in seal skin. The hat is reported to be 50 years old, of a type once produced for the Hudson Bay Company in Canada.
Little is known about the current owner although he is rumored to have inherited the hat from his father, an engineer who spent time working on automotive projects in Detroit and Ohio in the late 1950s.
###
A Cool Place: City Coffee Company in America's oldest city
Okay, so Saint Augustine is not exactly America's oldest city, it is the oldest continuously occupied European settlement in North America (founded 1563).
But the City Coffee Company, founded 2008, is exactly what a coffee shop should be. Good coffee, good pastry, good sandwiches, and free WiFi, from 6AM to 6PM weekdays (slightly shorter hours on the weekend). Add to that a rocking soundtrack that slides into some raw blues later in the day, and you have a great place to hang out, lunch out, or log in. Which is what I am doing at the moment, during my brief [and chilly] visit to Florida.
Of particular note are the bear claws [served warm], the breakfast burrito [served all day] and the latte [served on the dry side, which I like]. Speaking of which, I should buy another latte to 'pay' for this WiFi that I am gobbling up. Yum!
A Few of My Favorite Quotes
From today's inauguration speech:
"A nation cannot prosper long when it favors only the prosperous."
"Our power alone cannot protect us, nor does it entitle us to do as we please."
"Because we have tasted the bitter swill of civil war and segregation, and emerged from that dark chapter stronger and more united, we cannot help but believe that the old hatreds shall someday pass; that the lines of tribe shall soon dissolve; that as the world grows smaller, our common humanity shall reveal itself..."
"The success of our economy has always depended not just on the size of our Gross Domestic Product, but on the reach of our prosperity; on our ability to extend opportunity to every willing heart -- not out of charity, but because it is the surest route to our common good."
"We will build the roads and bridges, the electric grids and digital lines that feed our commerce and bind us together. We will restore science to its rightful place, and wield technology's wonders to raise health care's quality and lower its cost. We will harness the sun and the winds and the soil to fuel our cars and run our factories. And we will transform our schools and colleges and universities to meet the demands of a new age. All this we can do. And all this we will do."
"Our power grows through its prudent use; our security emanates from the justness of our cause, the force of our example, the tempering qualities of humility and restraint."
"Know that your people will judge you on what you can build, not what you destroy."
"To those who cling to power through corruption and deceit and the silencing of dissent, know that you are on the wrong side of history; but that we will extend a hand if you are willing to unclench your fist."
A Couple of Cool Things
Using a blog post to criticize or complain about something is very easy, and of course it's a valid use of blogging, but as part of my New Year Resolution to blog more positively, I'm going to try and balance the groans with some cheers, and praise for things that have exceeded my expectations.
Like these shoes. They are Ahnus. I had never heard of them until some friends turned me on to Zappos. There are several things to like about Zappos, including the free shipping, even on returns. But what I like most is the chance to browse a huge number of shoes all shown with really good product shots.
I picked out this pair of Ahnus to replace my Sperry Top-sider deck shoes. Not that the Sperrys have worn out. Heck, they are only 7 years young. No, the problem with Top-siders is cold and slush. They are great in rain and warm weather, but not so good in snowy climes. These Ahnus are warm, easy to get on and off, and seem to shed snow and slush like seals. I can slip them on to walk the dog regardless of the amount of snowfall. Sure, I will get snow on my socks and sweatpants, but that just improves the humidity when I get back inside.
I am about six months into wearing this pair almost daily. They are holding up well. Good for 7 years? Time will tell. But I'm hopeful.