Category: News

Andrew Hay Presents: Coverage of Andrew Hay at #RSAC and #BSidesSF

Note: If you’ve seen my Tyler Perry rant from earlier today, you’ll understand the title 🙂

Well I’m back home from RSA Conference 2010 and I’m exhausted. I caught up with old friends, met new friends, and talked quite a bit. Here are a few of the “talks” in question from last week:

“My Life on the Information Security D-List” Presentation at #BSidesSF

“Unicorns, Clubhouses, and Ruffled Feathers: Women in Security Part 2” Presentation at #BSidesSF

“RSA 2010: What responsibility do security bloggers have to the industry?” Interview

Vote For My #BSidesSF Talk “My Life on the Infosec D-List”

Please vote for my BSidesSanFrancisco talk entitled “My Life on the Infosec D-List” by tweeting (I think that’s a verb now) the following:

I vote for “My Life on the Infosec D-List” by @andrewsmhay #BSidesSF http://bit.ly/BSidesSFtalks

Abstract: People new to information security often find themselves wondering how to make a name for themselves in the industry. Andrew Hay has lived most of his career on the D-list but has worked hard to increase his status in the hopes of someday landing that coveted A-list position. Through this talk we’ll discuss how to expand your circle of influence, how to build your personal brand, and how to move up from the dreaded Infosec D-List.

I PROMISE it will be entertaining 😉

2009 Annual Study: Cost of a Data Breach Around $204USD per Exposed Record

The results of a study show that the average cost of a data breach (based on 2009 data) is $204USD per exposed record. I often find it hard to value the data I’m protecting so this is really a good starting point to measure against.

Report: http://www.encryptionreports.com/2009cdb.html

Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/

Highlights:

  • The number of data breaches caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009.
  • Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.
  • 42 percent of all data breaches last year resulted from third-party mistakes.
  • 36 percent of breaches involved lost or stolen laptops or other mobile devices.
  • Lost business makes up the largest portion of breach costs, totaling $135 per record lost on average, a slight decrease from $139 in 2008.
  • Ex-post response activities, which include providing credit monitoring services and other assistance to breach victims, cost $46 per record last year, up from $39 in 2008.
  • The most expensive data breach included in this year’s study cost one organization nearly $31 million to resolve, and the least expensive breach cost $750,000.
  • Activities that enable organizations to detect the breach totaled $8 per record on average last year, and costs to notify breach victims totaled $15 per record.
  • Those who notified breach victims within one month paid $219 per record exposed, on average, versus $196 paid by those who waited longer.
  • Having a CISO, or equivalent position, could decrease data breach costs by 50 percent.
  • Companies with a CISO paid $157 per compromised record, on average, compared to those which did not have a CISO ($236 per compromised record).