C. Warren Axelrod

Old Mother Hubbard and “Building Data Collection In”

Recently I listened to the webcast of a conference on the security-related data needs of researchers and how, if companies would only share the data, which they supposedly have, the academics would be in research heaven. As I listened, I couldn’t help thinking of the English nursery rhyme (http://en.wikipedia.org/wiki/Old_Mother_Hubbard ), which begins:

“Old Mother Hubbard Went to the cupboard, To give the poor dog a bone: When she came there, The cupboard was bare, And so the poor dog had none.”

There appears to be a commonly-held belief by academic researchers, in particular, that good security data do in fact exist and, if only they had access to them, then all our security problems could be solved. Right!

I’m not knocking data sharing. In fact, I have strongly advocated sharing security information for more than a decade as a founder of the first, and most successful, ISAC (Information Sharing and Analysis Center), the Financial Services ISAC (FS-ISAC), in 1999 (see www.fsisac.com). But that is different. The ISACs generally deal with exogenous data … threats, exploits, vulnerabilities … and provide relatively little on actual incidents (in large part because ISAC members are reluctant to provide such data to others for fear of the information getting out to the general public).

No, I am saying something else. I am saying that important data, which could lead to meaningful research, especially as they relate to insider threat and application-level breaches, just don’t exist in useful quantities. And the simple reason for this is that the data are not collected in the first place.

Post a Comment

Your email is never published nor shared. Required fields are marked *