[Full-Disclosure] Data about security incidents

From: Markus Zeilinger (mz_at_sea.uni-linz.ac.at)
Date: 05/15/04

  • Next message: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"
    To: <full-disclosure@lists.netsys.com>
    Date: Sat, 15 May 2004 14:17:21 +0200
    
    

    Dear all,

    I am currently working on my master thesis (computer science) and I need
    your help. My topic relates to "IT security for academic institutions" which
    deals with severals special points concerning IT security you get
    confrontated with in an academic enviroment.
    For this work I need some material about security incidents in academic
    institutions in the last years (data for the last 5-6 years if available). I
    need figures and facts about the following questions:
    - How many incidents happen in a year? Is the incident count increasing in
    the last years (if yes, by which percentage over the last years?)?
    - Which kind of incidents are the most common (percentage: viruses and
    worms, port scans, cross-site scripting, rpc exploits, ...?
    - Which costs per year emerge from these incidents (if countable)?
    - How long does it at an average take to recover from security incidents?
    - Which operating systems are you using (percentage)?
    - How many people are involved in your security department (if there is a
    dedicated security department)?
    - How many students/employees has your institution?

    Since such informations are very rare and there are no reliable studies
    available in this field, I would really appreciate your help!
    I of course know that these are very sensible informations, so you can of
    course send me the informations in an anonymous way.

    You can find some more informations about my work and myself at my virtual
    home at http://www.sea.uni-linz.ac.at/department/staff/mz/ (partly in
    German).

    Thanks in advance for your help!

    Best regards,
    Markus Zeilinger

    ------------------------------------------------
    Markus Zeilinger
    Institute for Systems Engineering and Automation
    University of Linz
    Altenberger Strasse 69
    A-4040 Linz, AUSTRIA

    Tel.: +43-(0)732-2468-8869
    Fax: +43-(0)732-2468-8878
    Mail: mz@sea.uni-linz.ac.at
    Home: http://www.sea.uni-linz.ac.at/department/staff/mz/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Georgi Guninski: "Re: [Full-Disclosure] Support the Sasser-author fund started"

    Relevant Pages

    • Re: killing us softly with their stupidity
      ... > Do you know that the provider ... institutions, we can't get rid of them entirely (still that won't keep ... > Lahood concession for appointing men on top of the security pyramid then ... problems which we can't blame on sectarianism (or on sectarianism ...
      (soc.culture.lebanon)
    • cameron on national security.....and an amusing article on brown, the empty suit....
      ... NATIONAL SECURITY FIRST ... But there are some institutions that must come first: ...
      (uk.politics.misc)
    • USA Security Restructuring2014: USA Institutions are not under Bristish challenge; the indolence is.
      ... USA Security Restructuring2014: USA Institutions are not under Bristish challenge; ... Inside Continue reading the main story Continue reading the main story Continue reading the main story Share This Page ... Adam Liptak - order to stop commentinmg on american institutions now from the uSA President during the USA Security Restructuring2014. ...
      (soc.culture.usa)
    • [Full-disclosure] 365,000 identities breached at Ohio University
      ... There have been a series of OU breaches leading to independent investigations, leading to security education at a high level. ... For many institutions, security is a low priority until some incidenttrigger a wake-up call about the need for improved education in some areas. ... Employees with long standing experience with the hacked systems, had tried to get higher authority to become aware of vulnerabilities, before the security breaches occurred, but nothing was done. ...
      (Full-Disclosure)
    • Latest round of web hacking incidents for 2007 & Project news
      ... the Web Hacking Incidents Database Project we have collected numerous new ... We have also started adding more classifications to each incident. ... VP Security Research, Breach Security ... Attack Method: Credential/Session Prediction ...
      (Bugtraq)