SuzanneWidup.com

One of the first classes I took in my Ph.D. program gave us a research assignment to "develop some new information security metrics".  I settled on the topic of data breaches, and decided to take a look at them from a statistical standpoint.  I looked in the academic literature, and most of the papers dealt with the cost of the breach from a standpoint of the stock value or capital markets.  I found one paper that looked at breaches betwen 2003 and 2005, which was before most of the current data breach laws had come online. 

I did a study on the problem, turned in a paper with the results (I think I had just over 1,000 incidents) and got an A.  I had been bitten by the bug--it was too late.  I kept up the study, looking for new insights to be found in the data.  I added incidents over time, and found new sources as well.  Eventually, I had a database with 2,807 incidents over the span of 5 years. 

I wanted to publish the study so that the widest possible audience could benefit from the information.  I'm happy to announce the publications of The Leaking Vault - Five Years of Data Breaches.  I hope you find the contents useful.