A quick check on breach size distribution

Mike Roytman of RiskI/O argued in a recent BSides Las Vegas presentation that power law distributions are often far more useful when modeling incident impact than the more commonly used normal distribution (and certainly more useful than point estimates of central tendency, like median or mean).

He presented some empirical evidence of his own for this claim, and – as a good presenter does – got me thinking. Grabbing some nearby data from 110 breaches of known size involving NY firms in 2006 (which I gathered via FOIA and used in a FIRST presentation) I was able to pretty quickly crank out a pretty graphic.

Lo and behold, I do believe the gentleman is on to something. And it was fun to put the old data to new use.

(Figure: Rplot-pow.png)
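To make the "power law versus normal" comparison concrete, here is an added example (not the author's R code, and not the FOIA data, which is not on the page): it draws a constructed sample of 110 breach sizes from a power law, fits the tail exponent by maximum likelihood, and compares the log-likelihood of the power-law fit against a normal fit, alongside the mean and median the post cautions against.

```python
import math
import random

# Constructed stand-in for the 110 NY breach sizes (record counts); the real
# FOIA data is not on the page, so a synthetic power-law sample is drawn.
N_BREACHES = 110
XMIN = 100.0      # smallest breach size in the constructed sample
TRUE_ALPHA = 2.0  # exponent of the constructed power law (assumed value)

def pareto_sample(n=N_BREACHES, alpha=TRUE_ALPHA, xmin=XMIN, seed=2006):
    """Inverse-CDF sampling of a continuous power law p(x) ~ x^-alpha, x >= xmin."""
    rng = random.Random(seed)
    return [xmin * (1.0 - rng.random()) ** (-1.0 / (alpha - 1.0)) for _ in range(n)]

def hill_alpha(xs, xmin=XMIN):
    """Maximum-likelihood exponent (Hill estimator) for the tail x >= xmin."""
    tail = [x for x in xs if x >= xmin]
    return 1.0 + len(tail) / sum(math.log(x / xmin) for x in tail)

def loglik_powerlaw(xs, alpha, xmin=XMIN):
    """Log-likelihood of the continuous power law with exponent alpha on x >= xmin."""
    tail = [x for x in xs if x >= xmin]
    return sum(math.log((alpha - 1.0) / xmin) - alpha * math.log(x / xmin) for x in tail)

def loglik_normal(xs):
    """Log-likelihood of a normal distribution fitted by MLE (mean, biased variance)."""
    n = len(xs)
    mu = sum(xs) / n
    var = sum((x - mu) ** 2 for x in xs) / n
    return sum(-0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var) for x in xs)

def compare_models(xs):
    """Fitted exponent, both log-likelihoods, and the point estimates the post
    warns about, so the tail's pull on the mean is visible next to the median."""
    alpha_hat = hill_alpha(xs)
    s = sorted(xs)
    return {
        "alpha_hat": alpha_hat,
        "ll_powerlaw": loglik_powerlaw(xs, alpha_hat),
        "ll_normal": loglik_normal(xs),
        "mean": sum(xs) / len(xs),
        "median": s[len(s) // 2],
        "max": s[-1],
    }

if __name__ == "__main__":
    for k, v in compare_models(pareto_sample()).items():
        print(f"{k:>12}: {v:,.2f}")
```

On heavy-tailed data the normal fit is dominated by a handful of large breaches, which is why its log-likelihood falls well below the power-law fit and why the mean sits far above the median.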

Posted in Security

Additional SEC docs

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

12/19/2013 http://www.sec.gov/Archives/edgar/data/71691/000119312513479202/filename1.htm NEW YORK TIMES CO (CORRESP for NEW YORK TIMES CO)
10/22/2013 http://www.sec.gov/Archives/edgar/data/1111665/000119312513406326/filename1.htm TELECOMMUNICATION SYSTEMS INC FA (CORRESP for TELECOMMUNICATION SYSTEMS INC FA)
10/10/2013 http://www.sec.gov/Archives/edgar/data/930309/000119312513396074/filename1.htm DELHAIZE GROUP (CORRESP for DELHAIZE GROUP)
09/24/2013 http://www.sec.gov/Archives/edgar/data/202058/000119312513376280/filename1.htm HARRIS CORP DE (CORRESP for HARRIS CORP DE)
09/10/2013 http://www.sec.gov/Archives/edgar/data/1167886/000093980213000148/filename1.htm GOLDFIELDS INTERNATIONAL INC (CORRESP for GOLDFIELDS INTERNATIONAL INC)
08/08/2013 http://www.sec.gov/Archives/edgar/data/1111665/000119312513327035/filename1.htm TELECOMMUNICATION SYSTEMS INC FA (CORRESP for TELECOMMUNICATION SYSTEMS INC FA)
06/14/2013 http://www.sec.gov/Archives/edgar/data/1574815/000119312513259926/filename1.htm STOCK BUILDING SUPPLY HOLDINGS INC (CORRESP for STOCK BUILDING SUPPLY HOLDINGS INC)
05/23/2013 http://www.sec.gov/Archives/edgar/data/1047122/000104712213000069/filename1.htm RAYTHEON CO (CORRESP for RAYTHEON CO)
04/25/2013 http://www.sec.gov/Archives/edgar/data/1564708/000119312513175006/filename1.htm New Newscorp LLC (CORRESP for New Newscorp LLC)
04/16/2013 http://www.sec.gov/Archives/edgar/data/1157408/000110465913029858/filename1.htm K12 INC (CORRESP for K12 INC)

You can read more about correspondence like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/ and about the automated mechanism used to identify these files at https://vaguelythreatening.wordpress.com/2012/11/14/a-note-on-automated-postings-of-sec-cyber-correspondence/

Posted in Uncategorized

New batch of SEC correspondence

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

12/05/2013 http://www.sec.gov/Archives/edgar/data/71691/000000000013066300/filename1.pdf NEW YORK TIMES CO (UPLOAD for NEW YORK TIMES CO)
10/21/2013 http://www.sec.gov/Archives/edgar/data/1571384/000000000013057717/filename1.pdf SIGMABROADBAND CO (UPLOAD for SIGMABROADBAND CO)
10/10/2013 http://www.sec.gov/Archives/edgar/data/1585689/000000000013056179/filename1.pdf Hilton Worldwide Holdings Inc (UPLOAD for Hilton Worldwide Holdings Inc)
09/26/2013 http://www.sec.gov/Archives/edgar/data/930309/000000000013053279/filename1.pdf DELHAIZE GROUP (UPLOAD for DELHAIZE GROUP)
09/26/2013 http://www.sec.gov/Archives/edgar/data/937834/000000000013053183/filename1.pdf METROPOLITAN LIFE INSURANCE CO (UPLOAD for METROPOLITAN LIFE INSURANCE CO)
09/09/2013 http://www.sec.gov/Archives/edgar/data/1111665/000000000013049343/filename1.pdf TELECOMMUNICATION SYSTEMS INC FA (UPLOAD for TELECOMMUNICATION SYSTEMS INC FA)
06/11/2013 http://www.sec.gov/Archives/edgar/data/1370880/000000000013031641/filename1.pdf FireEye Inc (UPLOAD for FireEye Inc)
06/04/2013 http://www.sec.gov/Archives/edgar/data/1574815/000000000013030509/filename1.pdf STOCK BUILDING SUPPLY HOLDINGS INC (UPLOAD for STOCK BUILDING SUPPLY HOLDINGS INC)
04/25/2013 http://www.sec.gov/Archives/edgar/data/1478242/000000000013022343/filename1.pdf Quintiles Transnational Holdings Inc (UPLOAD for Quintiles Transnational Holdings Inc)
04/18/2013 http://www.sec.gov/Archives/edgar/data/1478242/000000000013020915/filename1.pdf Quintiles Transnational Holdings Inc (UPLOAD for Quintiles Transnational Holdings Inc)
04/02/2013 http://www.sec.gov/Archives/edgar/data/1157408/000000000013017648/filename1.pdf K12 INC (UPLOAD for K12 INC)
03/29/2013 http://www.sec.gov/Archives/edgar/data/1569340/000000000013017075/filename1.pdf TICKET TO SEE INC (UPLOAD for TICKET TO SEE INC)
01/22/2013 http://www.sec.gov/Archives/edgar/data/895421/000000000013003533/filename1.pdf MORGAN STANLEY (UPLOAD for MORGAN STANLEY)
12/31/2012 http://www.sec.gov/Archives/edgar/data/1563411/000000000012070011/filename1.pdf Constellium N V (UPLOAD for Constellium N V)
10/26/2012 http://www.sec.gov/Archives/edgar/data/732717/000000000012059293/filename1.pdf AT T INC (UPLOAD for AT T INC)
10/09/2012 http://www.sec.gov/Archives/edgar/data/6769/000000000012055743/filename1.pdf APACHE CORP (UPLOAD for APACHE CORP)
10/05/2012 http://www.sec.gov/Archives/edgar/data/1427352/000000000012055348/filename1.pdf Onteco Corp ( Onteco Corp)
10/02/2012 http://www.sec.gov/Archives/edgar/data/797468/000000000012054287/filename1.pdf OCCIDENTAL PETROLEUM CORP DE (UPLOAD for OCCIDENTAL PETROLEUM CORP DE)

You can read more about correspondence like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/ and about the automated mechanism used to identify these files at https://vaguelythreatening.wordpress.com/2012/11/14/a-note-on-automated-postings-of-sec-cyber-correspondence/

Posted in Uncategorized

New SEC 10K for QLOGIC CORP, ELECTRONIC ARTS INC

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

05/23/2013 QLOGIC CORP http://www.sec.gov/Archives/edgar/data/918386/000119312513233611/d488985d10k.htm (10-K for QLOGIC CORP)
05/22/2013 ELECTRONIC ARTS INC http://www.sec.gov/Archives/edgar/data/712515/000071251513000022/ea20130331-10kdoc.htm (10-K for ELECTRONIC ARTS INC)

Links shown in red contain references to actual “cyber” events/incidents, and the like.

Posted in Uncategorized

New SEC 10K for SYMANTEC CORP, GBS Enterprises Inc, BMC SOFTWARE INC

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

05/17/2013 SYMANTEC CORP http://www.sec.gov/Archives/edgar/data/849399/000119312513226119/d516182d10k.htm (10-K for SYMANTEC CORP)
05/17/2013 GBS Enterprises Inc http://www.sec.gov/Archives/edgar/data/1413754/000114420413030265/v344975_10k.htm (10-K for GBS Enterprises Inc)
05/09/2013 BMC SOFTWARE INC http://www.sec.gov/Archives/edgar/data/835729/000119312513210706/d508475d10k.htm (10-K for BMC SOFTWARE INC)

Links shown in red contain references to actual “cyber” events/incidents, and the like.

Posted in autopost, SEC Project

New SEC correspondence for PROSPER MARKETPLACE INC, Prosper Funding LLC

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

10/01/2012 PROSPER MARKETPLACE INC, Prosper Funding LLC http://www.sec.gov/Archives/edgar/data/1416265/000114036112042187/filename1.htm (CORRESP for PROSPER MARKETPLACE INC)

06/22/2012 Prosper Funding LLC http://www.sec.gov/Archives/edgar/data/1542574/000000000012032914/filename1.pdf (UPLOAD for Prosper Funding LLC)

You can read more about correspondence like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/ and about the automated mechanism used to identify these files at https://vaguelythreatening.wordpress.com/2012/11/14/a-note-on-automated-postings-of-sec-cyber-correspondence/

Posted in Uncategorized

New SEC 10K for DEBT RESOLVE INC, ORCHARD SUPPLY HARDWARE STORES CORP

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

05/03/2013 DEBT RESOLVE INC http://www.sec.gov/Archives/edgar/data/1106645/000147793213002123/drsv_10k.htm (10-K for DEBT RESOLVE INC)
05/03/2013 ORCHARD SUPPLY HARDWARE STORES CORP http://www.sec.gov/Archives/edgar/data/896842/000119312513199400/d475976d10k.htm (10-K for ORCHARD SUPPLY HARDWARE STORES CORP)

Links shown in red contain references to actual “cyber” events/incidents, and the like.

Posted in Uncategorized