15-30 dataloss incidents daily, sez top Fed cyber-beancounter
The Office of Management and Budget issued a memo in July 2006 requiring agencies to report security incidents that expose personally identifiable information to the U.S. Computer Emergency Readiness Team within one hour of the incident. By June 2007, 40 agencies reported almost 4,000 incidents, an average of about 14 per day. As of this week, the average had increased to 30 a day, said Karen Evans, administrator of the Office of Electronic Government and Information Technology at OMB.
Govexec.com [link to http://www.govexec.com/story_page.cfm?articleid=38348 no longer works]
Sigh.
Just for context, how many breaches does Attrition or Pogo cover on an average day?
278 records in DLDOS in 2007, by my reckoning. We’re 304 days into the year (might be off by one there). So, the answer is “about .9” per day.
So the DLDOS is getting incidents at about 1/24th the rate of CERT? hmmm.
That would be correct.
I don’t keep count on my site, but looking at the week roundups, it looks like I generally post an average of two new reports per day, some of which may be non-U.S. ITRC has been using Pogo as a primary source this year for their analyses, and they show 342 as of October 29th, so they’re running slightly more than 1 per day, but still a far cry from the number of actual and reported exposures.