• Corpus ID: 167968825

2009 Data Breach Investigations Report

  title={2009 Data Breach Investigations Report},
  author={Wade H. Baker and Alex Hutton and C. David Hylender and Christopher J. Novak and Christopher Porter and Bryan Sartin and Peter S. Tippett and Andrew Valentine and Thijs Bosschert and Eric Brohm and Calvin Chang and R. Dormido and K. Eric Gentry and Mark Goudie and Ricky Ho and Stan S. Kang and Wayne Lee and J. W. (Hans) Niemantsverdriet and David Ostertag and Michael Rosen and Enrico Telemaque and Matthijs Van Der Wel and Ben Van Erck},
Almost three quarters of security incidents in healthcare in 2015 involved physical theft and loss, insider and privilege misuse and miscellaneous errors. While breach data was typically compromised in minutes or less, discovery often took months or more. The Verizon 2016 Data Breach Investigations Report (DBIR) shows that the majority of data security incidents can be classified into one of nine patterns. Just three of these categories account for 73% of all…

Cybersecurity Challenges and Compliance Issues within the U.S. Healthcare Sector

A case study examining three organizations in the Healthcare Sector using document analysis to ascertain the problems that resulted in information breaches and the consequences of such breaches indicates the failures that occur with the inadequate compliance to the above federal Acts and provides recommendations to control future breaches.

A Data Centric Security Cycle Model for Data Loss Prevention of Custodial Data and Company Intellectual Property

The security action cycle model of Straub and Welke is used as a theoretical lens to build a data centric security cycle model to safeguard the data that are “at rest, in motion and in use”.

Developing a Global Data Breach Database and the Challenges Encountered

The results of this research can help government entities, regulatory bodies, security and data quality researchers, companies, and managers to improve the data quality of data breach reporting and increase the visibility of the data breach landscape around the world in the future.

Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

This case study presents empirical research that uses Information Security Core Human Error Causes over a 12 month period within two participating public and private sector organisations in order to observe and understand how the implementation of the IS-CHEC information security HRA technique affected the respective organisations.

Database Security: What Students Need to Know

  • M. Murray
  • Computer Science
    J. Inf. Technol. Educ. Innov. Pract.
  • 2010
A set of subtopics for inclusion in a database security component of a course is presented using a set of interactive software modules and found to be the two most common forms of hacking, an interesting finding given that both of these exploits are well known and often preventable.

Social Representations of Cybersecurity by University Students and Implications for Instructional Design

The research in this paper focuses on cybersecurity education in the IS core course, defined as "The ability to protect or defend the use of cyberspace from cyber attacks" (NIST, 2013, p. 58).

Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector

The research team collected and analyzed publicly reported phishing cases and performed an initial analysis of the industry sectors impacted by this type of incident, comparing security offices’ current practice of UIT monitoring in the current manufacturing and healthcare industries’ practice of tracking near misses of adverse events.

A Framework for Data-Driven Physical Security and Insider Threat Detection

This paper presents PSO, an ontological framework and a methodology for improving physical security and insider threat detection. PSO can facilitate forensic data analysis and proactively mitigate

Global Information Assurance Certification Paper

This paper presents a new approach to risk based exception management, which will allow organizations to grant exceptions based on inherent data leakage risk, and introduces a concept for evaluating and categorizing users based on their access to sensitive information.