Inc., a global leader in data protection, today announced that it will preview
at the RSA conference the Breach Level Index, a new scale and methodology that calculates
the severity of data breaches across multiple dimensions based on breach
disclosure information. The Breach Level Index is intended to not only serve as
a benchmark for the industry, but to help Chief Information and Chief Security
Officers classify the severity of a breach as well as utilize the data in their
own risk assessment and planning.
“It is not
realistic today to expect enterprises to be able to prevent intruders and
insiders from penetrating perimeter defenses and accessing IT resources,” said
Richard Stiennon, founder of IT-Harvest. “In a world where breaches are a
given, we need to raise the level of discussion to ‘how severe was the breach?’
We developed the Breach Level Index to be a classification tool that enables
this level of discussion and better empower security industry professionals to
detect and prevent future breaches.”
collaborated with IT-Harvest to develop the algorithmic formula used to
determine a breach’s severity. When
calculating the scale of data breaches, the Breach Level Index factors a wide
variety of inputs, including data type, number of records stolen, breach source
and whether or not the high value data remained secure post breach. These inputs are then processed through an
algorithm that produces an index number consistent with the Saffir-Simpson
hurricane scale: 1 being least severe and 10 being most severe. The scale is
open-ended (no upper limit) and logarithmic (base 10), so, just as in the scales for
volcanoes and earthquakes, a score of 7, for instance, is 100 times more severe
than a score of 5. For example, the
TJX Companies Inc. breach was a 9.1 level breach and the Heartland Payment
Systems breach was a 9.3 level breach, representing the two largest global
breaches to date on the Breach Level Index scale.
volume of breaches continues to increase, it is critical to keep in mind that
not all breaches are created equal in terms of the level of severity and damage
that they impose on organizations and their customers,” said Dave Hansen, President
and CEO, SafeNet. “The Breach Level Index is designed to serve as a guide for
security professionals as they navigate the new threat landscape. It will provide CIOs and CSOs with the data
needed to better classify breaches, conduct internal risk assessment and
planning and most importantly, employ the right security technologies to help ensure
that if a breach were to occur, their high value and most sensitive data would
not be compromised.”
The Breach Level Index is designed to track and measure the severity of breaches
globally and it will be calculated on a constant basis as information becomes
available, with breach data gathered from multiple sources.
A whitepaper detailing the specific methodology is available
at www.it-harvest.com/BLI.pdf and
Breach Level Index: Call for Security Professionals
The Breach Level Index was developed
by industry experts and evaluated on a wide range of historical breaches. The
BLI is an open initiative and as such, SafeNet is calling for security
professionals to contribute and participate in this important initiative.
The Breach Level Index will be previewed at RSA
Participants will be
able to use the Breach Level Index calculator to determine the level, scope and
severity of some of the most widespread breaches of 2012. The breaches that will be analyzed will be
derived from a wide range of industries, sources (both internal and external
threats) and include large scale academic and government breaches in addition
RSA Conference. SafeNet and IT-Harvest will preview the
Breach Level Index for RSA participants to evaluate, interact and comment on
the formula in SafeNet’s Booth #1825.
IT-Harvest is an industry analyst firm founded by Richard Stiennon,
security expert and industry analyst, who is known for disrupting the industry
with his insight. IT-Harvest creates reports and analysis of trends in emerging
threats and the technology to counter them. Vendors engage IT-Harvest for
strategic guidance on product road maps, acquisitions, and influence.
Enterprises around the world use IT-Harvest guidance for product and
architecture decision making. Wall Street engages with IT-Harvest to identify
category leaders, industry trends, and investment opportunities.