Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Security Incidents due to user error
From: "Dodge, Adam" <Adam.Dodge () SUNY EDU>
Date: Tue, 30 Jan 2007 12:15:26 -0500

Based on my personal research (available at
http://www.adamdodge.com/esi), out of the 83 reported security incidents
last year 26 were caused by theft, 3 were caused by loss and 20 by
unauthorized disclosure. 33 incidents were caused by computer and/or
network penetration and 1 was an impersonation. This gives us roughly
71% caused by employee/human error, if you want to consider things such
as loss, theft and unauthorized disclosure as human error.

However, actual numbers of records reflected gives a different
percentage. The 83 incidents exposed roughly 2,683,059 records
(including 14 incidents affected an unknown number). Computer/network
penetration accounted for roughly 82% (2,209,237 records) of the

I am working on a report that will hopefully be available sometime in
Feb with this information and more.


-----Original Message-----
From: Anthony Maszeroski [mailto:maszeroskia3 () SCRANTON EDU] 
Sent: Tuesday, January 30, 2007 11:36 AM
Subject: [SECURITY] Security Incidents due to user error

I'm looking for a figure for the approximate percentage of security
incidents attributed to user/human error. I know I've read some
statistics before, but I can't seem to locate them now. Does anyone have
a pointer to this information?

- Anthony Maszeroski
Network Security Specialist
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]