Forwarded from: security curmudgeon 

: http://www.informationweek.com/news/showArticle.jhtml?articleID 2100132 
:
: By Sharon Gaudin
:
: The number of companies suffering security breaches has dropped over 
: the last two years, but the severity of the breaches has doubled, 
: according to a new study.
:
: The Computing Technology Industry Association (CompTIA) released a 
: study showing that 66% of the 1,070 organizations surveyed said they 
: did not have a security breach in the previous 12 months.

.. that they know of.

: However, while the number of incidents has dropped, the severity of 
: those attacks has gone in the opposite direction.

.. that they know of.

: CompTIA reported that respondents rated the severity level of their 
: security breaches at a 4.8 on a 0 to 10 scale, where 0 is not at all 
: severe and 10 is very severe. Last year the severity rating stood at 
: 2.3 and the year before that it was 2.6.

.. by who's estimation? There is a clear history of companies 
downplaying breaches to save face and customer confidence.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com