Risk Presentation Sony 2012 PSN Data Breach
IS510
JAMES DELLINGER
GRAINNE MALONE
JENNIFER MURPHY
RAN ZHANG
Focus on Sony: The PlayStation Network Security Breach

Overview
Focus on Sony
What data do they Collect?
High Profile Breach – What Happened and Why?
The Aftermath
Sony’s Response
Policies Introduced as a Result
What has Happened Since?
Vulnerabilities in Legislation

Sony
One of the world’s leading digital entertainment brands, with a large portfolio of multimedia content.
Sony Computer Entertainment
The PlayStation Network (PSN)

PSN Data Collection
Name
Address
Country
E-mail address
Date of Birth
PSN password and login name
Credit Card Details
Purchase History
Answers to Users’ Security Questions

What Happened?
Security Breach in PlayStation Network
Shutdown of service
77 million users put at risk
Personal information stolen

Security Issues
Weak security system
Lack of random number in algorithm
Lack of Firewalls
Obsolete web applications
Lack of Management support

Response from Sony?
Very slow reaction time
Poor communication
Lack of transparency
Lack of direction

Measures Introduced
Software monitoring
Penetration and Vulnerability testing
Encryption
Firewalls
Security personnel

Creation of a New Position - CISO
“to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation

Number of Actions Taken
Moved PSN server to a new, more secure and unnamed location
Enhanced levels of data protection and encryption
Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns
Additional firewalls
Established a new data center in an undisclosed location with increased security

Changes of Terms of Service
September 2011 - No Suing Policy!
“Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.”
- Section 15, Terms of Service, Sony Entertainment Network

Recent Scandal?

Ahhhhhh Not Again!!!
June 2011 – SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers.
June 2011 – An attack against Sony’s Developer Network posted 54MB of Sony developer source code.
October 2011 – Brute-force attack broke into 93,000 PlayStation and Sony network accounts.
January 2012 – Attack against several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).

Issues with Legislation
Security breaches of this nature fall under data protection and privacy regulation, which the European Commission leaves to each EU member state, unlike Europe’s antitrust regulation, which is centralised.
United Kingdom - Information Commissioner’s Office (ICO)
Ireland - Data Protection Commissioner

Future Legislation
E-Privacy Directive: a swift, mandatory disclosure about a data breach
EU Justice Commissioner: ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’

Conclusion
What do you think? Who do you blame? What should be done?