One Article Review

Source NoticeBored
Identifier 418036
Publication date 2017-10-13 10:09:20 (viewed: 2017-10-13 10:09:20)
Title NBlog October 13 - data breach reality check
Text In searching for information relating to GDPR and privacy for next month's awareness module, I bumped into the Business Continuity Institute's Horizon Scan 2017 report.

The report's headline data come from a survey of 666 business continuity and risk management professionals from Europe and North America (mostly), concerning their perceptions about threats and incidents ... and immediately a few issues spring out at me.

First of all, the survey population is naturally biased given their field of expertise: although sizable, this was clearly not a random sample. As with all professionals, they probably overemphasize the things that matter most to them, meaning serious incidents that actually or are believed to threaten to disrupt their organizations. It's no surprise at all that 88% of BC pro's are concerned or extremely concerned about "cyber attack" - if anything, I wonder what planet the remaining 12% inhabit! On the other hand, BC pro's ought to know what they are talking about, so their opinions are credible ... just not as much as hard, factual data concerning the actual incidents.

On that score, this year's report provides information on actual incidents:

"A new metric introduced in the BCI Horizon Scan Report measures actual disruption levels caused by the threats listed in figure 1 in order to provide a comparison against organizations' concerns. Figure 2 shows a contrast between the levels of disruption caused by a particular threat and how concerned an organization is about it. The study shows the actual causes of business disruption slightly differ from the threats practitioners list as significant concerns. The top causes of business disruption according to the same respondents include unplanned IT and telecommunications outages (72%), adverse weather (43%), interruption to utility supply (40%), cyber attacks (35%) and security incidents (24%)."

The discrepancy between BC pros' perceptions and reality is quite marked. I'll come back to that in a moment.

Second, the way incidents (and/or threats - the report is somewhat ambiguous over the difference) are described puzzles me. Here are the top 7, ranked according to the proportion of respondents who claimed to be "extremely concerned":

- Cyber attack (e.g. malware, denial of service)
- Data breach (i.e. loss or theft of confidential information)
- Unplanned IT and telecom outages
- Security incident (e.g. vandalism, theft, fraud, protest)

Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.