Dr. Neal Krawetz, 2007-02-15
Dr. Neal Krawetz takes a look at the numbers behind reports of laptop thefts and phishing attacks, showing inconsistent metrics and the difficulty in using numbers to determine the real level of threat.
Colapse all |
Post comment
Laptop Losses and Phishing Fruit Salad
2007-02-16
Anonymous (2 replies)
Anonymous (2 replies)
Re: Laptop Losses and Phishing Fruit Salad
2007-02-16
Anonymous
Anonymous
If you can determine that the value of the data + laptop is less than the cost of implementing the control, you won't need to implement the control. That is why you need to determine the risk. It boils down to economics. This procedure applies to all forms of information security. When it comes down...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Laptop Losses and Phishing Fruit Salad
2007-02-19
Ben
Ben
Additionally, as budgets for security controls are limited, one would have to prioritize risks to mitigate the most important threats first and leave less endangered assets for later. Assurance companies can provide extremely valuable data that can be used as input in these risk assessments. Unfortu...
[ more ] [ reply ]
[ more ] [ reply ]
APWG Response: Laptop Losses and Phishing Fruit Salad
2007-02-21
APWG (2 replies)
APWG (2 replies)
Neal,
Thanks for a good and stimulating article. In the future, it might be helpful for you to ask APWG statisticians about how the numbers are computed before writing an article.
APWG has not revised our methodology for counting. Rather, we have ADDED additional, separately tracked, measure...
[ more ] [ reply ]
Thanks for a good and stimulating article. In the future, it might be helpful for you to ask APWG statisticians about how the numbers are computed before writing an article.
APWG has not revised our methodology for counting. Rather, we have ADDED additional, separately tracked, measure...
[ more ] [ reply ]
Re: APWG Response: Laptop Losses and Phishing Fruit Salad
2007-02-21
Neal Krawetz (1 replies)
Neal Krawetz (1 replies)
Hi Dave,
It's always good to hear from you.
With regards to your comments:
In your reply, you wrote: "APWG has not revised our methodology for counting."
This seems to be contradicted by the APWG_Phishing_Activity_Report-Oct2004.pdf which begins by saying:
"With this report for October 20...
[ more ] [ reply ]
It's always good to hear from you.
With regards to your comments:
In your reply, you wrote: "APWG has not revised our methodology for counting."
This seems to be contradicted by the APWG_Phishing_Activity_Report-Oct2004.pdf which begins by saying:
"With this report for October 20...
[ more ] [ reply ]
Re: Re: APWG Response: Laptop Losses and Phishing Fruit Salad
2007-02-22
APWG
APWG
Neal,
Our experience is that people contribute phishing emails to sites and services that take action against them (eg. takedown or law enforcement). This can be seen by the growth of the Anti-Phishing Working Group membership, and by the rapid growth of the PhishTank and PIRT anti-phishing comm...
[ more ] [ reply ]
Our experience is that people contribute phishing emails to sites and services that take action against them (eg. takedown or law enforcement). This can be seen by the growth of the Anti-Phishing Working Group membership, and by the rapid growth of the PhishTank and PIRT anti-phishing comm...
[ more ] [ reply ]
Re: APWG Response: Laptop Losses and Phishing Fruit Salad
2007-02-23
mike (1 replies)
mike (1 replies)
i think jevans is missing the point. every admin out there should not have to personally ask him or anyone else what he collects and what he measures. asking every vendor how they come up their numbers sounds like a full time job and i dont have the budget for it...
[ more ] [ reply ]
[ more ] [ reply ]
[ more ] [ reply ]