Data Exfiltration Incident Analysis Results for the ICSE 2016 paper: Discovering “unknown known” security requirements

With the pace at which threats evolve in the security domain, eliciting complete security requirements is particularly challenging. Due to the diversity of exploits and tactics used in cyber attacks and the volume of data incidents, it is difficult to gauge the optimum number of incidents that must be analysed to cover the entire domain space i.e. the patterns of attacks and related countermeasures required to produce a complete set of security requirements. We used a combination of Grounded Theory Method and Incident Fault Trees to analyse a number of data breach incidents with the purpose of identifying Security Requirements. The analysis results for these incidents are listed below. Data Exfiltration Incidents Incident 1: The Nitro Attacks Incident 2: Payment Card Data Theft by POS Memory Scraper Malware (Dexter, BlackPOS) Incident 3: Track2 Data Theft at TJMaxx, and at Heartland Payment Systems Incident 4: Operation Aurora, LulzSec's Sony PlayStation attack Incident 5: The RSA Security Hack via Zero Day Flash Bug Incident 6: Camp and Fowler Data Breach at University of Central Missouri Incident 7: The iPad and AT&T attack Incident 8: Anonymous Hacking - Indictment of Aaron Barr et. al. Incident 9: The Matt Honan 'Epic' Attack Incident 10: APT Attack using vectors such as DropBox and WordPress All data files are available from the linked Google Sites page (https://sites.google.com/site/lancsdataexfiltration/home). Data files are licensed CC-BY.