Hey,

I have been trying to find facts related to information security. I am doing a presentation next week to the management team and I really, really want to catch their attention. I am looking for things like (I am making up the numbers, as an example):

- 80% of all attacks comes from inside an organization
- 75% of all web sites are vulnerable to XSS attacks
- Etc

So, do you know where I can find a reliable source for impressive facts?

Thanks!

This may also be a good pdf for some statistics: http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf

It's 2009 though.

SANS has a lot of excellent courses
http://www.sans.org/top-cyber-security-risks/
http://isc.sans.edu/reports.html

Also, OWASP website is very useful
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

You might also find datalossdb useful
http://datalossdb.org/statistics

I would also consider the Verizon 2009 Data Breach Investigations Report. Though I might question the purview, it has a lot of information on the breaches they encountered and corresponding mitigation. The 2010 is due out this summer and they supposedly teamed with the Secret Squirrels.


http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf