On Tue, 11 Jun 2013 22:55:12 -0400, <valdis.kletni...@vt.edu> wrote:
Do you have any actual evidence that a .edu of (say) 2K employees
is statistically *measurably* less secure than a .com of 2K employees?
We're sorta lookin' at one now. :-)
But seriously, how do you measure one's security? The scope is constantly
changing. While there are companies one can pay to do this, those reports
are *very* rarely published. And I've not heard of a single edu
performing such an audit. The only statistics we have to run with are of
*known* breaches. And that's a very bad metric as a company with no
security at all that's had no (reported) intrusions appears to have very
good security, while a company with extensive security looks very bad
after a few breaches. One has noone sniffing around at all, while the
other has teams going at it with pick-axes. One likely has noone in charge
of security, while the other has an entire security department.