Re: CRIME 80/20 Rule

From: Gary Warner (gar@private)
Date: Tue Aug 19 2003 - 17:59:43 PDT

Next message: Kuo, Jimmy: "RE: CRIME SOBIG ADVISORY"

Previous message: Quinby, Kris (MED): "RE: CRIME 80/20 Rule"
In reply to: Daggett, Steve: "CRIME 80/20 Rule"
Next in thread: Crispin Cowan: "Re: CRIME 80/20 Rule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

anytime you hear "80 / 20" you can assume someone is inventing
statistics based on the famous and imaginary "80/20 Rule".

Its not necessarily (ok, not even close to) a scientific sampling, but
the CSI/FBI Annual Security report has some numbers in this area.

http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2003.pdf

(You have to fill out a "registration" to get the pdf so they can spam
you, but its Nice Spam...8-)  )

45% of respondents reported "unauthorized Access by Insiders".  80%
reported "Insider Abuse of Net Access" 

Specifically with regards to attacks vs. WWW sites, the question "Did
the attacks come from Inside, Outside, Both, or Don't Know" yielded:

 5% inside
53% outside 
18% both
24% don't know


_-_
gar

Next message: Kuo, Jimmy: "RE: CRIME SOBIG ADVISORY"
Previous message: Quinby, Kris (MED): "RE: CRIME 80/20 Rule"
In reply to: Daggett, Steve: "CRIME 80/20 Rule"
Next in thread: Crispin Cowan: "Re: CRIME 80/20 Rule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 18:45:28 PDT