Examining the Sources of Security Incidents

Monday, June 06, 2011

Bozidar Spirovski

Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity.

Shortinfosec organized a LinkedIn poll to gather professionals' opinions on which sources of security incidents they deem most frequent.

The poll had 56 respondents, and the respondent groups were not scientifically selected, so it does not amount to a full-blown research result. However, even this small sample nicely represents, by frequency, the issues that organizations are coping with.

The poll question was: "What is the most frequent incident type that is affecting your organization?"

Five answers were suggested:

  • Network Issue or Outage
  • External Hacker Attack
  • Internal Hacker Attack
  • Software Error Causing Data Corruption
  • Human Error Causing Data Corruption

The poll was open to all LinkedIn users for 20 days, with invitations sent to LinkedIn connections and groups.

Results and Analysis

After the closing of the poll, the following results were observed:

Most respondents (66%) selected network issues as the primary source of security incidents. Data corruption due to human error takes second place with 18%, followed by data corruption due to software error with 13%.

However, the demographics of the responses also indicate that different executive levels view the issues differently. Network issues were selected as the primary source of security incidents by operational personnel. Management levels also voted for this option, but the majority of networking issues are felt by operational teams.

The second most frequent issue is human error, and this is an incident type mostly identified by managers (more than 75%). In reality, a human operator within a company has significant abilities to work within the company's information system.

Human errors can happen for any number of reasons, and paired with the abilities of the human operator within the systems, very significant errors can occur, corrupting data and causing erroneous calculations. Such data corruptions are easily felt across the entire company, hence the votes by management.

The third most frequent issue is data corruption due to software errors. These should have a much lower frequency than human errors, but the impact of such errors can be very wide ranging, since the error is embedded within the information system.

External hacker attack was chosen as the least frequent issue. But this only presents the view of internal users. It is quite possible that internal users do not see the full scope of hacker attacks: either the attacks are not detected, or corporate procedures prevent distribution of information about them.

Conclusion

The overall poll, while not conforming to standards for academic research, still provides the following insight: operational people are plagued by network issues (availability), while managers are plagued by data corruptions (integrity).

Very few identify an actual breach of confidentiality as a top issue in security incidents. It seems that the corporate world is either well protected against confidentiality breaches, or is still relatively blind to them. We would bet on the latter.

Cross-posted from ShortInfosec
