#SECTORCA SecTorCA

A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach

Christine Dewhurst, Partner, NSC Tech
Dr. Thomas Lee, CEO, Vivo Security

How to develop a model for probability
Finding the differences between all companies that did and did not experience data breach

We can use regression modelling
All companies that DID have breaches
All companies that did NOT have breaches
Regression modeling
Millions of companies
Thousands of companies
Same predictive factors measured for both groups

Problems to solve:
1. How many breaches?
2. What factors are predictive and measurable?

How we solved problem 1
How many data breaches are there?

Maryland is a magic source of data
Breaches affecting even a single Maryland resident are reported
Companies with headquarters across all 50 states

We discovered we can predict breaches by state

GDP predicts breaches independent of economy type
Oil
Agriculture
Technology

Problem 2, SOLVED!
Data breaches are so predictable, we can predict them based solely upon economic activity
Set distance to zero
Forecast total breaches for state
Total breaches: 2957
Reported to Maryland: 771

How we solved problem 2
What predictive factors can be measured for all companies

Factors that predict data breach and can be measured for all companies

Modelling observations
Many other certifications were tried and found to be predictive by themselves, but did not increase the accuracy when combined with CISSP (when collinear or correlated, remove from model)
CISA was different from other cybersecurity certifications
Counting employees with certifications was bett