Tuesday, December 19, 2006

breach bowl 2006

alright, here's a blog i whipped together for my "professional" info security blogging. not sure if they will actually post it, but thought i'd throw it out here...

If you’re like me, you’ve heard a bunch of different ways of picking the winning team for a football game, ranging from the absurdly analytical down to the flippant “who has the tougher looking mascot” approach my wife favors. In the spirit of the college football season coming to a close here in the U.S., I offer you yet another means of predicting who will rise to the top of the rankings this bowl season: data breach analysis. It’s pretty straight-forward: whoever loses the least amount of student and faculty data wins.

Given the rash of data loss incidents that have afflicted academia, this is no small feat. Universities face the very difficult challenge of managing sprawling, unique networks with thousands of intrepid students exploring their boundaries who have to be allowed more freedom than your corporate administrators would ever permit. So this is not an attempt to make light of the situation, only to show the extent of the problem in a light-hearted way.

Ohio State University vs. University of Florida
Winner: The gators edge out the buckeyes 3851 identities lost in 2005 in an incident at the Health Sciences Center versus Ohio States 17,800 identities lost or exposed in 2 separate incidents in 2005.

University of Michigan vs. University of Southern California (USC)
Winner: My alma mater, the wolverines, lay waste to the USC Trojans, 5,000 identities to 50,000. There were another potential 270,000 possibly accessed or exposed in a separate hacking incident in 2005 at USC.

Notre Dame vs. Louisiana State University (LSU)
Winner: LSU edges out Notre Dame by a thin margin. While Notre Dame has only suffered one public incident this year of unknown impact, LSU has kept them selves out of the headlines entirely.

Georgia Tech vs. West Virginia
Winner: West Virginia topples Georgia Tech as they suffered from a stolen computer incident in late 2005 putting 13,000 people at risk. The Mountaineers have not had any visible data breaches of late.

Louisville vs. Wake Forest
Winner: You’ll have to use a different method for this one, as breach rules show this one is a toss-up as neither team has had a publicly recorded data loss incident recently. My wife would tell you though that cardinal doesn’t really stand a chance against a demon deacon if they were to meet in a dark alley.

Data breach statistics courtesy of Privacy Rights Clearinghouse:

No comments: