Contributed by Organizations or Campuses; Articles, Papers, and Reports; and Data Security

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.

"If you accept payment cards on campus, you need to comply with a standard designed for safe handling of sensitive consumer information. Indiana University’s compliance plans offer some guidance."

"Last year, Netflix published 10 million movie rankings by 500,000 customers, as part of a challenge for people to come up with better recommendation systems than the one the company was using. The data was anonymized by removing personal details and replacing names with random numbers, to protect the privacy of the recommenders. "

"Over the last several years, there has been an emerging interest in the development of wide-area data collection and analysis centers to help identify, track, and formulate responses to the ever-growing number of coordinated attacks and malware infections that plague computer networks worldwide. As large-scale network threats continue to evolve in sophistication and extend to widely deployed applications, we expect that interest in collaborative security monitoring infrastructures will continue to grow, because such attacks may not be easily diagnosed from a single point in the network. The intent of this position paper is not to argue the necessity of Internet-scale security data sharing infrastructures, as there is ample research [13, 48, 51, 54, 41, 47, 42] and operational examples [43, 17, 32, 53] that already make this case. Instead, we observe that these well-intended activities raise a unique set of risks and challenges.

With all of the concern today about retailers inadequately protecting their credit card data, it's logical to assume that retail IT managers would have made themselves quite familiar with the ins-and-outs of the Payment Card Industry Data Security Standard (PCI DSS).

"Much like Moore's Law, PGP has seen huge advances in encryption technologies over the years -- specifically the ability for encryption to work faster and easier in a network while still being transparent to the end user," said Phillip Dunkelberger, President and CEO, PGP Corporation. Excellent encryption research is being carried out at a number of major universities, though it's still at a nascent stage.

"Identity theft is one of the fastest-growing cyber-crimes, and, as a result, 38 states have identity theft legislation -- with some states using encryption as a safe haven," said Southwestern Illinois Community College CIO Christine Leja. "The education market as a whole is becoming more serious about protecting student information and is looking to encryption as the means to making that happen."

The annual Campus Computing Survey focuses on IT security and crisis management, finding gaps in preparation but fewer attacks on networks.

In this paper the authors analyze P2P security issues, establishing vulnerabilities that software
clients represent. The authors go on to present experimental evidence of the risk through honeypot
experiments that expose both business and personal financial information and they track the resulting consequences. Their analysis and experimental results show the security risk of P2P file sharing networks.