Just a quick update on the Stolen Data Impact Model project for today. Basically, we have reached a point where have created an idea that the impact of stolen data should be a curve. We have decided to implement that curve across two axis measured in the following:
Risk to the organization – 0 – 10, obviously subjective.
Those values will be plotted across four time segments: Immediate, Short Term, Intermediate Term and Long Term. Some folks are still discussing if we need a Residual catch all for things that don’t ever go away. If you have thoughts on it, please weigh in.
Thus far, we are leaving the term definitions to the consumer. But we are generally working with them as variable as we run scenarios with variety.
The next step will be to build and publish a couple of quick and dirty sample curves for some common stolen data scenarios. Then, we will begin to generate the scoring mechanism and perhaps a questionnaire for doing the scoring on a more repeatable basis.
If you have thoughts, please weigh in via the comments or touch base with us on Twitter. I will be the main conduit for feedback (@lbhuston).
Thanks for reading and this process is already proving helpful for some folks, so we enjoy working on it.