SlideShare une entreprise Scribd logo
1  sur  17
Télécharger pour lire hors ligne
Focus on Sony:
The PlayStation Network
    Security Breach

 IS510

 JAMES DELLINGER
 GRAINNE MALONE
 JENNIFER MURPHY
 RAN ZHANG
Overview

 Focus on Sony
 What data do they Collect?
 High Profile Breach – What Happened and Why?
 The Aftermath
  Sony’s  Response
   Policies Introduced as a Result

   What has Happened Since?

 Vulnerabilities in Legalisation
Sony

 World’s leading digital entertainment brands, with a large
  portfolio of multimedia content.

 Sony Computer Entertainment


 The PlayStation
Network (PSN)
PSN Data Collection

 Name
 Address
 Country
 E-mail address
 Date of Birth
 PSN password and login name
 Credit Card Details
 Purchase History
 Answers to Users Security Questions
What Happened?


 Security Breach in PlayStation Network


 Shutdown of service


 77 million users put at risk


 Personal information stolen
Security Issues

 Weak security system


 Lack of random number in algorithm


 Lack of Firewalls


 Obsolete web applications


 Lack of Management support
Response from Sony ?


 Very slow reaction time


 Poor communication


 Lack of transparency


 Lack of direction
Measures Introduced

 Software monitoring


 Penetration andVulnerability testing


 Encryption


 Firewalls


 Security personnel
Creation of a New Position - CISO

               “ to oversee information
               security, privacy and internet
               safety across the company,
               coordinating closely with key
               headquarters groups and
               working in partnership with
               the information security
               community to bring the best
               ideas and approaches to
               Sony.”
                           – Sony Corporation
Number of Actions Taken

 Moved PSN server to a new, more secure and unnamed
 location
 Enhanced levels of data protection and encryption

 Enhanced ability to detect software intrusions,
 unauthorized access and unusual activity patterns
 Additional firewalls

 Established a new data center in an undisclosed
 location with increased security
Changes of Terms of Service

 September 2011 - No Suing Policy!

“ Other than those matters listed in the Exclusions from
Arbitration clause, you and the Sony Entity that you have a
Dispute with agree to seek resolution of the Dispute only
through arbitration of that Dispute in accordance with the
terms of this Section 15, and not litigate any Dispute in
court. Arbitration means that the Dispute will be resolved by
a neutral arbitrator instead of in a court by a judge or jury.”
                 - Section 15, Terms of Service, Sony Entertainment Network
Recent Scandal ?
Ahhhhhh Not Again!!!

 June 2011 - SQL injection attack against Sony
 Pictures disclosed personal information of over 1
 million Sony customers
 June 2011 – an attack against Sony’s Developer
 Network posted 54MB of Sony developer source code.
 October 2011 – Brute-force attack broken into
 93,000 PlayStation and Sony network accounts
 January 2012 – attack against a several websites
 operated by Sony for the corporation’s support of the
 US Stop Online Piracy Act (SOPA).
Issues with Legislation

  Security breaches of this nature fall under data
   protection and privacy regulation which the
European Commission leaves to each EU member
state unlike Europe’s antitrust regulation, which is
                   centralised.

 United Kingdom - Information Commissioner’s
 Office (ICO)

 Ireland - Data Protection Commissioner
Future Legalisation


 E-Privacy Directive
   Aswift, mandatory disclosure about a data breach



 EU Justice Commissioner
 ‘They will modernize rules dating from 1995, and
could expand to e-banking, online shopping or the
personal data field’
Risk presentation Sony 2012 The PlayStation Network Security Breach
Conclusion

 What do you think? Who do you blame?
 What should be done?

Contenu connexe

Tendances

Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Infomanjjb
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...Segun Ebenezer Olaniyan
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile  security presentation v1.2C0c0n 2011 mobile  security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation Ajith Reddy
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 

Tendances (20)

Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crime
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Mobile Security Research Projects Help
Mobile Security  Research Projects HelpMobile Security  Research Projects Help
Mobile Security Research Projects Help
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You Think
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected World
 
Cyber security
 Cyber security Cyber security
Cyber security
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile  security presentation v1.2C0c0n 2011 mobile  security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 

Similaire à Risk presentation Sony 2012 The PlayStation Network Security Breach

(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
 (Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...Jonathan Care
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?CPPGroup Plc
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aMark Henshaw
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management   fujitsu-fms event 15 aug 2011Risk base approach for security management   fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011IbuSrikandi
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Somasundaram Jambunathan
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 

Similaire à Risk presentation Sony 2012 The PlayStation Network Security Breach (20)

(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
 (Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk   intrusion prevention are we joking - henshaw july 2010 aBright talk   intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
 
Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management   fujitsu-fms event 15 aug 2011Risk base approach for security management   fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Essay About Tft2
Essay About Tft2Essay About Tft2
Essay About Tft2
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)
 

Dernier

P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfMohonDas
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesMohammad Hassany
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxKatherine Villaluna
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesCeline George
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17Celine George
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice documentXsasf Sfdfasd
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsEugene Lysak
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17Celine George
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptxSandy Millin
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...Nguyen Thanh Tu Collection
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17Celine George
 

Dernier (20)

P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptx
 
HED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdfHED Office Sohayok Exam Question Solution 2023.pdf
HED Office Sohayok Exam Question Solution 2023.pdf
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming Classes
 
Practical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptxPractical Research 1 Lesson 9 Scope and delimitation.pptx
Practical Research 1 Lesson 9 Scope and delimitation.pptx
 
Prelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quizPrelims of Kant get Marx 2.0: a general politics quiz
Prelims of Kant get Marx 2.0: a general politics quiz
 
How to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 SalesHow to Manage Cross-Selling in Odoo 17 Sales
How to Manage Cross-Selling in Odoo 17 Sales
 
How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17How to Add Existing Field in One2Many Tree View in Odoo 17
How to Add Existing Field in One2Many Tree View in Odoo 17
 
The Singapore Teaching Practice document
The Singapore Teaching Practice documentThe Singapore Teaching Practice document
The Singapore Teaching Practice document
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
The Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George WellsThe Stolen Bacillus by Herbert George Wells
The Stolen Bacillus by Herbert George Wells
 
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdfPersonal Resilience in Project Management 2 - TV Edit 1a.pdf
Personal Resilience in Project Management 2 - TV Edit 1a.pdf
 
How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17How to Make a Field read-only in Odoo 17
How to Make a Field read-only in Odoo 17
 
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
2024.03.23 What do successful readers do - Sandy Millin for PARK.pptx
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
CHUYÊN ĐỀ DẠY THÊM TIẾNG ANH LỚP 11 - GLOBAL SUCCESS - NĂM HỌC 2023-2024 - HK...
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17
 

Risk presentation Sony 2012 The PlayStation Network Security Breach

  • 1. Focus on Sony: The PlayStation Network Security Breach IS510 JAMES DELLINGER GRAINNE MALONE JENNIFER MURPHY RAN ZHANG
  • 2. Overview  Focus on Sony  What data do they Collect?  High Profile Breach – What Happened and Why?  The Aftermath  Sony’s Response  Policies Introduced as a Result  What has Happened Since?  Vulnerabilities in Legalisation
  • 3. Sony  World’s leading digital entertainment brands, with a large portfolio of multimedia content.  Sony Computer Entertainment  The PlayStation Network (PSN)
  • 4. PSN Data Collection  Name  Address  Country  E-mail address  Date of Birth  PSN password and login name  Credit Card Details  Purchase History  Answers to Users Security Questions
  • 5. What Happened?  Security Breach in PlayStation Network  Shutdown of service  77 million users put at risk  Personal information stolen
  • 6. Security Issues  Weak security system  Lack of random number in algorithm  Lack of Firewalls  Obsolete web applications  Lack of Management support
  • 7. Response from Sony ?  Very slow reaction time  Poor communication  Lack of transparency  Lack of direction
  • 8. Measures Introduced  Software monitoring  Penetration andVulnerability testing  Encryption  Firewalls  Security personnel
  • 9. Creation of a New Position - CISO “ to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation
  • 10. Number of Actions Taken  Moved PSN server to a new, more secure and unnamed location  Enhanced levels of data protection and encryption  Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns  Additional firewalls  Established a new data center in an undisclosed location with increased security
  • 11. Changes of Terms of Service  September 2011 - No Suing Policy! “ Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.” - Section 15, Terms of Service, Sony Entertainment Network
  • 13. Ahhhhhh Not Again!!!  June 2011 - SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers  June 2011 – an attack against Sony’s Developer Network posted 54MB of Sony developer source code.  October 2011 – Brute-force attack broken into 93,000 PlayStation and Sony network accounts  January 2012 – attack against a several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).
  • 14. Issues with Legislation Security breaches of this nature fall under data protection and privacy regulation which the European Commission leaves to each EU member state unlike Europe’s antitrust regulation, which is centralised.  United Kingdom - Information Commissioner’s Office (ICO)  Ireland - Data Protection Commissioner
  • 15. Future Legalisation  E-Privacy Directive  Aswift, mandatory disclosure about a data breach  EU Justice Commissioner ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’
  • 17. Conclusion  What do you think? Who do you blame?  What should be done?