Monthly Archives: August 2009

DHS IT SCC issue Baseline Risk Assessment

Need to read:

The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) today released the IT Sector Baseline Risk Assessment (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security.

“The IT Sector Baseline Risk Assessment is an example of what can happen when public and private sector partners work together and represents a major step forward in mitigating risks to critical infrastructure functions that are essential to both homeland and economic security,” said DHS Assistant Secretary for Cybersecurity and Communications Gregory Schaffer. “While elements of the assessment have already been adopted, the establishment of this iterative platform for assessing IT sector risk will also enable us to address ever more sophisticated threats.”

From Release

IT Sector Baseline Risk Assessment (PDF, 114 pages – 3.37 MB)


Unintentional Risk

Yep — the leading cause of cyber security breaches — per RSA study (tip to BBC):

The security vendor RSA revealed that the majority of breaches are actually caused unintentionally by employees.

Its survey showed that firms believed 52% of incidents were accidental and 19% were deliberate.

“Unintentional risk gets overlooked, yet it’s the most serious threat to business,” said the RSA’s Chris Young.
