• Developed by SafeNet and industry analyst firm IT-Harvest, The Breach Level Index is designed to assign a single number to quantify the severity and magnitude of a data breach;
• Security professionals and general public will be able to leverage the Breach Level Index to better understand the severity of a data breach and its potential impact;
• The index is intended to serve as a benchmark for the industry and help security professionals objectively monitor the progression of breaches and utilize the data for better risk assessment;
• SafeNet calls on security industry professionals to participate in the evolution of the Breach Level Index beginning at RSA Conference.
SafeNet, Inc., a global leader in data protection, today announced that it will preview at the RSA conference the Breach Level Index, a new scale and methodology that calculates the severity of data breaches across multiple dimensions based on breach disclosure information. The Breach Level Index is intended to not only serve as a benchmark for the industry, but to help Chief Information and Chief Security Officers classify the severity of a breach as well as utilize the data in their own risk assessment and planning.
"It is not realistic today to expect enterprises to be able to prevent intruders and insiders from penetrating perimeter defenses and accessing IT resources,” said Richard Stiennon, founder of IT-Harvest. “In a world where breaches are a given, we need to raise the level of discussion to ‘how severe was the breach?’ We developed the Breach Level Index to be a classification tool that enables this level of discussion and better empower security industry professionals to detect and prevent future breaches."
SafeNet collaborated with IT-Harvest to develop the algorithmic formula used to determine breach’s severity. When calculating the scale of data breaches, the Breach Level Index factors a wide variety of inputs, including data type, number of records stolen, breach source and whether or not the high value data remained secure post breach. These inputs are then processed through an algorithm that produces an index number consistent with the Saffir-Simpson hurricane scale: 1 being least severe and 10 being most severe. The scale is open ended (no upper limit) and logarithmic (base 10) so just as in the scales for volcanoes and earthquakes, a score of 7, for instance, is 100 times more severe than a score of 5. For example, the TJX Companies Inc. breach was a 9.1 level breach and the Heartland Payment Systems breach was a 9.3 level breach representing the two largest global breaches to date on the Breach Level Index scale.
"While the volume of breaches continues to increase, it is critical to keep in mind that not all breaches are created equal in terms of the level of severity and damage that they impose on organizations and their customers,” said Dave Hansen, President and CEO, SafeNet. “The Breach Level Index is designed to serve as a guide for security professionals as they navigate the new threat landscape. It will provide CIOs and CSOs with the data needed to better classify breaches, conduct internal risk assessment and planning and most importantly, employ the right security technologies to help ensure that if a breach were to occur, their high value and most sensitive data would not be compromised."
The Breach Level Index is designed to track and measure the severity of breaches globally and it will be calculated on a constant basis as information becomes available, with breach data gathered from multiple sources.
Breach Level Index: Call for Security Professionals
The Breach Level Index was developed by industry experts and evaluated on a wide range of historical breaches. The BLI is an open initiative and as such, SafeNet is calling for security professionals to contribute and participate in this important initiative.
The Breach Level Index will be previewed at RSA
Participants will be able to use the Breach Level Index calculator to determine the level, scope and severity of some of the most widespread breaches of 2012. The breaches that will be analyzed will be derived from a wide range of industries, sources (both internal and external threats) and include large scale academic and government breaches in addition to corporations.
RSA Conference.SafeNet and IT-Harvest will preview the Breach Level Index for RSA participants to evaluate, interact and comment on the formula in SafeNet’s Booth #1825.
IT-Harvest is an industry analyst firm founded by Richard Stiennon, security expert and industry analyst, who is known for disrupting the industry with his insight. IT-Harvest creates reports and analysis of trends in emerging threats and the technology to counter them. Vendors engage IT-Harvest for strategic guidance on product road maps, acquisitions, and influence. Enterprises around the world use IT-Harvest guidance for product and architecture decision making. Wall Street engages with IT-Harvest to identify category leaders, industry trends, and investment opportunities.
About SafeNet, Inc.
Founded in 1983, SafeNet, Inc. (safenet-inc.com) is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.