The Power Law of Information

Presented at BSidesLV 2014, Aug. 5, 2014, 11 a.m. (40 minutes)

Power laws occur widely and irrefutably in economics, physics, biology, and international relations. The root causes of power laws are hard to determine, but a good theory is that proportional random growth causes the phenomenon. This talk will attempt to prove a power law for breach size and breach occurrence volume, using data from over 30,000 businesses. The goal is to show that no matter the set of breaches one picks, the most impactful breach will have more impact than all the others combined. Information security breaches are scale-invariant and distributed according to a power law.

Presenters:

• Michael Roytman - Senior Data Scientist - Kenna Security
  Michael Roytman is Risk I/O's Data Scientist, responsible for building out Risk I/O's predictive analytics functionality. He has written about vulnerability management with Dan Geer of In-Q-Tel, and has previously spoken at RSA, SOURCE, various BSides and SIRAcon. He formerly worked in fraud detection in the finance industry, and holds an MS in operations research from Georgia Tech. In his spare time, he tinkers with everything from bikes to speakers to cars, and works on his pet project:outfitting food trucks with GPS.

Links:

• https://bsideslv2014.sched.com/event/1p3OL49/the-power-law-of-information
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2014/the power law of information michael roytman.mp4

Similar Presentations:

• GrrCON 2019 / Power Detection
• Black Hat USA 2017 / PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection, Traffic Analysis, and Beyond
• Black Hat USA 2017 / And Then the Script-Kiddie Said, "Let There be No Light." Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?