My 2009 DBIR presentation @ ISACA Hawaii.

1. A study conducted by Verizon Business
2009 DATA BREACH INVESTIGATIONS REPORT
Brief by Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT

2. This brief will cover the
following:
• My Conclusions
• Quick Facts
• Key Highlights
• Findings, Conclusions,
and Countermeasures
• TVM-Doing More For
Less
• Summary of
Recommendations
•Q&A

4. QUICK FACTS

5. All results are based on firsthand evidence collected
during 90 data breach investigations occurring in 2008
conducted by Verizon Business.
Only confirmed breaches are included. (not “data-at-
risk”)
Most of the statistics presented refer to the percentage
of cases, the percentage of records breached, or simply
the number of cases.
The authors make no claim that the findings of this
report are representative of all data breaches in all
organizations at all times.

6. Roughly 20 percent of cases involved more than one
breach
Nearly half of the caseload had distinct patterns and
commonalities
A little over 1/3 of the cases were made public (so far)

7. KEY HIGHLIGHTS

11. FINDINGS, CONCLUSIONS, AND
COUNTERMEASURES

34. Align process with policy
Achieve “Essential” then worry about “Excellent”
Secure Business Partner Connections
Create a Data Retention Plan
Control data with transaction zones
Monitor event logs
Create an Incident Response Plan
Increase awareness
Engage in mock incident testing
Changing default credentials is key
Avoid shared credentials
User Account Review
Application Testing and Code Review
Smarter Patch Management Strategies
Human Resources Termination Procedures
Enable Application Logs and Monitor

36. Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT
Principal - R!SC
Visit us at www.it-risc.com
Contact us at heldakhakhni@it-risc.com