4. Anatomy (of an EDU exploit) 101
• REPORTED: April 9th, 2009
• INSTITUTION: Penn State
• DEPTH: 10,868 Social Security Numbers
• SECURITY EFFORTS: Malware detection per host
Privacyrights.org
5. Economics 101 - Security vs. Clean-up
• Industry estimates of cost per customer record for clean-ups
– $90 to $305 per customer record
– Costs vary depending on whether the breach is “low-profile” or “high-profile”, regulations, and state privacy requirements
• Forrester estimated the cost at $70-$80 per record
– This is just for discovery, notification and response, including legal counsel, call centers and mail notification
6. Knowledge is power…
• Identification
• Separation
• Prioritize/Classify
• Audit
• Educate up and down
• Remediate
• Monitor
• Too much?