I just wanted to let everyone know that Verizon Business has published the 2009 Data Breach Report.  The breadth and depth of these reports are invaluable.  Since there are very few solid sources of this type of information the release of this report dominates the availability of the few brain cells I have remaining.

Press Release Here: http://www.verizonbusiness.com/products/security/risk/databreach/
Actual Report Here: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Look for updates/comments from the authors/team at http://securityblog.verizonbusiness.com

From my first 5 minute glance at the report here are some of my favorite things:

Figure 31. Time Span of breach event by percent of breaches. This may be the best metric we as security professionals can look to improve.  Seeking to reduce the time to Incident Identification and Mitigation

Figure 32. Breach Discovery methods by percent of breaches.  Interesting observations about how things are detected, nearly 70% by third parties, only 7% by “active” internal teams.

Figure 34. Detective Controls by percent of breach victims.  System and Application Logs are KEY (don’t just rely on security devices).

Many of the recommendations seem brain dead simple so I won’t cover them here, nor will I go into the pseudo risk calculations or PCI “Compliance” at this time.  All in all a ton of food for thought in this report.  I’m going to wait to post more comprehensive notes on this report to allow it all to sink in a bit more.  Verizon obviously puts a lot of thought and effort into this report and I find myself spending hours dissecting it every time.  To my friends over at Verizon Business - Thanks again for the information!  Everyone else - I encourage you to take the time to review it thoroughly.

Hackers for Charity is Johnny Long’s new website and mission in life.  Saying that I applaud him on this effort is the biggest understatement I can make.  On a personal level I am very moved by his passion and commitment to server others, here and everywhere.  Johnny has taken his talents and applied them in ways that help so many people across the world.  Just thinking about what he is accomplishing motivates me to seek better out of myself.  Please do pop over to his site and find a way to help Johnny and his family on their upcoming year-long efforts in Uganda.  Equipment, Advise, Money - anything you can provide will help Johnny, his family and so many others in Uganda and across the world!

Rocky