Most manufacturers share case studies writeups to their end users before publishing to make sure they have permission and that there are no issues / details that they do not want disclosed.
However, I have seen some companies just run case studies on their own. I was the victim of one when I was an integrator. An idiot manufacturer ran a press release unbeknownst to us and our military end user. Suffice to say, that created a lot of problems.
So the guideline is run things by the end user and get explicit permission.
My two cents :
" How much is too much " : the only entitled judge is the customer whose site is being described. In my country, you can land into serious trouble if you have such marketing case studies without clear prior approval of the customer.
Secondly the minute technical details in the case study that you forwarded are so boring. Does not make a great reading. It not only compromises sensitive customer details, it also ends up as ordinary marketing.
Chesapeake & Midlantic
While I normally think security through obscurity is silly, giving away the entire store is just as silly. I would have no problem doing a case study in most cases- better to let any interested parties know that security exists and is taken seriously- but I'd keep a few details to myself, including passwords, vulnerabilities, and a detailed list of the security staff's home addresses and greatest fears.
Jim, perhaps you may blowing things out of proportion a bit. Maybe a bit of fear-mongering to be talking about 'inside jobs'! This is bread and butter cctv stuff, not Oceans 11!.
The great majority of hoodlums and b&e types aren't gonna think to look stuff up on the internet to see how the main breaker is wired to the switch or use google earth or read the Engenius manual to find the where the reset button or any of that crap, Sheesh! Unless they are storing gold it doesn't have to be Fort Knox.
You say the customer probably knows that at least some of his details are in google, why not leave it at that?
Maybe the installer gave him a deal on the system asked for a customer reference in return for what the installer knows in his heart is at best is a slightly elevated risk of incidence. Or maybe parts of it are made up to trip up the would be internet theives. Had you considered that possibility? But you do need to consider the fact that installers need to do marketing like anybody else and so just like you can't do a job for no pay, likewise you shouldn't have to do a job without PR. Its about putting food on everybodys table.
Hope I didn't seem to harsh, if I did its probably just because I just ended a 10hr shift myself. Good points though, Jim.