IS510




    Risk Management & Regulation in e-Commerce:
    Focus on Sony
    27th April 2012

    This report will explore the high-profile security breach of Sony’s
    PlayStation Network (PSN) that led to millions of users’ personal and
    financial information being exposed. Focus will be placed on what
    occurred in the aftermath, analysing Sony’s response.




           James Dellinger
           Grainne Malone
          Jennifer Murphy
                Ran Zhang
DCU BUSINESS SCHOOL
ASSIGNMENT SUBMISSION

Student Name(s):     James Dellinger, Grainne Malone, Jennifer Murphy, Ran Zhang

Student Number(s):

Programme:           MECB1 - MSc in Electronic Commerce

Project Title:       Risk Management & Regulation in e-Commerce
                     Assignment: Focus on Sony

Module code:         IS510

Lecturer:            Jack Nagle

Project Due Date:    27-APR-2012



Declaration

I the undersigned declare that the project material, which I now
submit, is my own work. Any assistance received by way of
borrowing from the work of others has been cited and
acknowledged within the work. I make this declaration in the
knowledge that a breach of the rules pertaining to project
submission may carry serious consequences.

I am aware that the project will not be accepted unless this form has
been handed in along with the project.




Signed:_________________________ _________________________
       _________________________ _________________________




TABLE OF CONTENTS
DCU Business School Assignment Submission

Introduction

Company Overview

   PSN Data Collection

High Profile Data Breach Incident

   Why it happened

   Sony’s Immediate Response

   Policies Introduced as a Result

   Any Recent Scandal

Vulnerabilities in Legislation

Conclusions

References/Literature

INTRODUCTION
It is anticipated that global e-commerce revenue will hit $963 billion by 2013, with
predicted growth of 19% annually (Rao, L., 2011). This growth will undoubtedly see
more consumers handing over personal financial data. With frequent high-profile
online security breaches jeopardising consumers’ information, the focus must be on
what measures companies are taking to secure this data and what legislation exists
to place obligations on commercial entities to meet acceptable standards of online
security.

This report will explore the high-profile security breach of Sony’s PlayStation
Network (PSN) that led to millions of users’ personal and financial information
being exposed. Focus will be placed on what occurred in the aftermath, analysing
Sony’s response. An analysis will also be made of the damage, if any, that was done
to the company’s corporate reputation, and of the measures that have been brought
about to negate any damage done to the brand’s reputation and avoid such a
scenario arising again.

Finally, there will be a discussion as to the role of legislation in defining Sony’s legal
responsibility with respect to this incident.


COMPANY OVERVIEW
Sony needs little introduction as one of the world’s leading digital entertainment
brands, with a large portfolio of multimedia content. A key focus for Sony is its
gaming division, Sony Computer Entertainment, a major video game company
specializing in a variety of areas in the video game industry, which is the focus of this
report. The PlayStation Network (PSN) is an online multiplayer gaming and digital media
delivery service. In order to use the service, users are required to create an account.


PSN DATA COLLECTION

Sony collects data from its PlayStation Network account holders for the purpose of
billing. The data collected is as follows:

      - Name

      - Address

      - Country

      - E-mail address

      - Date of Birth

      - PSN password and login name

Apart from this profile data, additional information is compiled internally, including
purchase history, billing address and the answers to the security questions on users’
accounts.


HIGH PROFILE DATA BREACH INCIDENT
On 19th April 2011 Sony discovered a security breach in its PlayStation Network
(PSN), resulting in a temporary shutdown of service for users. Customers were
unable to download any games or play online. Qriocity, Sony’s music and video
streaming service, was also impacted (O’Brien, 2011). Hackers had exposed a
weakness in the encryption system, obtaining the public key needed to run any
software on the machines (Stuart, 2011). This breach was one of the most significant
ever, with 77 million users put at risk of fraudulent activity via credit cards. The
hackers stole users’ personal information which, if sold on through online black
markets, had a potential worth of £100 million (Arthur and Stuart, 2011).


WHY IT HAPPENED
The attack on the Sony PlayStation Network was enabled by the lack of a random
number in the algorithm utilised by its security system. This ultimately
allowed the secret key used for the protection of digital content on the system to be
discovered. This was a crucial mistake for Sony to make (Markoff, 2012). The
security practices in place at Sony also left much to be desired. The company failed
to protect its networks with firewalls. Sony was also using Web applications
that were obsolete, making the company sites attractive targets for hacking activity.
Outdated versions of the Apache Web server were in use and there were no patches
applied on the PlayStation Network. There was no firewall running on the
PlayStation Network servers (Rashid, 2011).

Within the Sony organisation, at board level, there were also problems and failings.
There was organisational complexity and a lack of adequate support for security.
It is not known exactly what security measures Sony had in place prior to the breach.
However, organisational complacency also played a role in the PlayStation Network
attacks. Security entails more than adequate software and encryption; all aspects of
the company require involvement: people, processes and technology (Boyd and
Thomas, 2011).


SONY’S IMMEDIATE RESPONSE
The response from Sony to the PlayStation Network attack was far from ideal. It took
until April 26th, a week after the event, for the company to admit that personal
information had in fact been stolen and that credit card information may
also have been taken. It took until day 11 for Sony executives to apologise, with the
CEO Howard Stringer still remaining publicly silent. Sony’s communication with
its customers following the security breach was extremely poor, lacking clarity,
transparency and direction. On May 6th an apology from Stringer finally came. The
company would offer all their PlayStation Network customers free credit for a year
and monitoring for ID theft (Noer, 2011).

New security measures were implemented by the company. It consulted with
security experts to strengthen its safeguards against
unauthorised activity and to protect the personal information of its customers. The
new security systems put in place included software monitoring, and penetration and
vulnerability testing. Increased encryption and firewalls were also put in place.
Symantec worked with Sony to improve this security and relocate the network to
another data center. The company also recognised the need for improved
management (Takahashi, 2011).


POLICIES INTRODUCED AS A RESULT
A few months after the attack, Sony Computer Entertainment created a new
position, Chief Information Security Officer (CISO), and appointed Philip Reitinger,
a former Microsoft executive and the director of the National Cyber Security Center
at the US Department of Homeland Security, to this position, responsible for
“security of Sony’s information assets and services”. His job is to oversee information
security, privacy and internet safety across the company, coordinating closely with
key headquarters groups and working in partnership with the information security
community to bring the best ideas and approaches to Sony (Source: Sony Corp. Info).

Sony also introduced a clause in its Terms of Service asking users to
agree not to take legal action against Sony in court (Source: Section 15, Terms
of Service, Sony Entertainment Network). This was criticised by the public; however,
Sony claimed that it was for the benefit of both Sony itself and the customers.


ANY RECENT SCANDAL
Even after Sony claimed that its level of data protection had increased, it
remained the target of several security breaches.

   1. June 2011: An SQL injection attack by the hacking group LulzSec
      against Sony Pictures disclosed personal information of over 1 million Sony
      customers.

   2. June 2011: Just a few days after the SQL injection attack, the same group
      targeted Sony’s developer network and posted details of Sony BMG network
      maps from a New York City office and 54MB of Sony developer source code.

   3. October 2011: A brute-force attack broke into 93,000 PlayStation and Sony
      network accounts.

   4. January 2012: Attacks against several websites operated by Sony over the
      corporation’s support of the US Stop Online Piracy Act (SOPA).

VULNERABILITIES IN LEGISLATION
European Regulations



In Europe, security breaches of this nature fall under data protection and privacy
regulation, which the European Commission leaves to each EU member state, unlike
Europe’s antitrust regulation, which is centralised. In the aftermath of Sony’s breach,
a number of European countries launched independent investigations. The
centralised approach to antitrust means that the European Commission has the power
to issue multibillion euro fines to companies found in breach, which it has
successfully done in the past to companies like Microsoft and Intel.

In the United Kingdom, the Information Commissioner’s Office (ICO) has the
power to fine Sony up to £500,000 if it finds that individuals were ‘seriously
affected’. However, one year on from the breach, a decision on whether Sony will be
fined is not due until early May 2012, according to the ICO website.

In Ireland, the Data Protection Commissioner contacted Sony Ireland and requested
the company to prepare a full report disclosing the risk posed to its Irish customers.
The fact that Irish regulation did not require the Data Protection Commissioner to
launch an independent investigation (despite the high-profile nature of the breach)
indicates a vulnerability in Irish data protection regulation. Sony was never ordered to
pay a fine in Ireland and, despite investigations in countries including Spain, France,
Germany and the Czech Republic, no country has yet issued a fine.

Although there are European member states that would be unwilling to relinquish
control of their data protection regulations, it must be highlighted that the lack of
centralisation means that serious security breaches involving consumer data are
occurring without any damaging financial penalties being imposed on the company.
With few consequences in place for breaches of this magnitude, it
could be argued that there is also little motivation for companies to invest
heavily in security and policies that would protect their consumer data.

This breach ignited new discussions in Europe regarding the extension of
current data protection laws beyond the telecommunications industry. These laws,
known as the E-Privacy Directive, currently affect the telecommunications industry
and require telecom networks in the EU to make a swift, mandatory disclosure about
a data breach. Of the proposed extension to the directive, Matthew
Newman, a spokesman for the EU Justice Commissioner, was quoted as saying ‘they
will modernize rules dating from 1995, and could expand to e-banking, online
shopping or the personal data field’.


CONCLUSIONS
The Sony case has taught different people many lessons. For our interest in risks
and how they relate to consumer information and data breaches, this remains an
important case to study. The terms of a company’s duty to disclose have been more
closely scrutinized by regulators worldwide, given the large fraud-related concerns.
This was primarily due to Sony’s poor response to inquiries during the crisis. More
lenient legal constructs (like California’s) regarding obligations to inform customers
and clients of data breaches have become more noticeably in need of reform for consumer
and fraud protection. However, what actually changes at the American federal
and European intergovernmental level is still up in the air.


REFERENCES/LITERATURE
Arthur, C. and Stuart, K. 2011. PlayStation Network users fear identity theft after major data
leak [Online]. Available from:
http://www.guardian.co.uk/technology/2011/apr/27/playstation-users-identity-theft-data-leak?INTCMP=ILCNETTXT3487
[Accessed April 2012].

Boyd, C. and Thomas, S. 2011. Security lessons from the PlayStation Network breach [Online].
Available from:
http://venturebeat.com/2011/09/22/security-lessons-from-the-playstation-network-breach/
[Accessed April 2012].

Markoff, J. 2012. Flaw Found in an Online Encryption Method [Online]. Available from:
http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html?pagewanted=all
[Accessed April 2012].

Noer, M. 2011. Sony Response to PlayStation Security Breach Abysmal [Online]. Available
from:
http://web.ebscohost.com.remote.library.dcu.ie/ehost/detail?vid=3&hid=19&sid=8911fbf4-838c-4cfd-b915-9a6091edff44%40sessionmgr14&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bth&AN=65258326
[Accessed April 2012].

O’Brien, C. 2011. Sony’s PlayStation network hacked [Online]. Available from:
http://www.irishtimes.com/newspaper/breaking/2011/0427/breaking2.html
[Accessed April 2012].

Rao, Lenna. 2011. “J.P. Morgan: Global E-Commerce Revenue To Grow By 19 Percent
In 2011 To $680B”. TechCrunch [Online]. Available from:
http://techcrunch.com/2011/01/03/j-p-morgan-global-e-commerce-revenue-to-grow-by-19-percent-in-2011-to-680b/

Rashid, F.Y. 2011. Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony
[Online]. Available from:
http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/
[Accessed April 2012].

Stuart, K. 2011. PlayStation 3 hack – how it happened and what it means [Online]. Available
from:
http://www.guardian.co.uk/technology/gamesblog/2011/jan/07/playstation-3-hack-ps3?intcmp=239
[Accessed April 2012].

Takahashi, D. 2011. Will PlayStation Network’s improved security be good enough?
[Online]. Available from:
http://venturebeat.com/2011/05/14/will-the-improved-security-for-playstation-network-be-good-enough/
[Accessed April 2012].

Sony’s Response to the U.S. House of Representatives, 04 May, 2011, Posted by
Patrick Seybold – Sr. Director, Corporate Communications & Social Media,
PlayStation Blog, URL:
http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/

Philip R. Reitinger is Named Senior Vice President and Chief Information Security
Officer, Sony Corporation, Sony Corp. Info., News Releases, September 6, 2011, URL:
http://www.sony.net/SonyInfo/News/Press/201109/11-109E/index.html

Terms of Service, Sony Entertainment Network, URL:
www.sonyentertainmentnetwork.com/terms-of-service/

 
5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internet5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internetsuperintendingengine17
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCybAnastaciaShadelb
 
On November 24 2014 Sony Pictures Entertainment found out .pdf
On November 24 2014 Sony Pictures Entertainment found out .pdfOn November 24 2014 Sony Pictures Entertainment found out .pdf
On November 24 2014 Sony Pictures Entertainment found out .pdfaabdin101
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOThe Economist Media Businesses
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010  6 Things u need 2 know in 2010 Whitepaper Final2010  6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper FinalLarry Taylor Ph.D.
 

Similaire à (Sony) Risk assignment final high profile security breach of Sony’s Playstation Network (PSN) (20)

Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
 
Risk presentation Sony 2012 The PlayStation Network Security Breach
Risk presentation Sony 2012 The PlayStation Network Security BreachRisk presentation Sony 2012 The PlayStation Network Security Breach
Risk presentation Sony 2012 The PlayStation Network Security Breach
 
Howard environmental analysis
Howard environmental analysisHoward environmental analysis
Howard environmental analysis
 
Howard environmental analysis
Howard environmental analysisHoward environmental analysis
Howard environmental analysis
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
 
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
 On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 
Ernst & Young : Intellectual property in a digital world
Ernst & Young : Intellectual property in a digital worldErnst & Young : Intellectual property in a digital world
Ernst & Young : Intellectual property in a digital world
 
Appinions Information Technology Influence Study_August 2013
Appinions Information Technology Influence Study_August 2013Appinions Information Technology Influence Study_August 2013
Appinions Information Technology Influence Study_August 2013
 
Data data every where!! Thomas O'Grady
Data data every where!! Thomas O'GradyData data every where!! Thomas O'Grady
Data data every where!! Thomas O'Grady
 
Case Study 2 On November 24 2014 Sony Pictures Entertainme.pdf
Case Study 2 On November 24 2014 Sony Pictures Entertainme.pdfCase Study 2 On November 24 2014 Sony Pictures Entertainme.pdf
Case Study 2 On November 24 2014 Sony Pictures Entertainme.pdf
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
 
5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internet5G-and-IoT-vs-cyber-security.pdf internet
5G-and-IoT-vs-cyber-security.pdf internet
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
On November 24 2014 Sony Pictures Entertainment found out .pdf
On November 24 2014 Sony Pictures Entertainment found out .pdfOn November 24 2014 Sony Pictures Entertainment found out .pdf
On November 24 2014 Sony Pictures Entertainment found out .pdf
 
Securing the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEOSecuring the internet of things: The conversation you need to have with your CEO
Securing the internet of things: The conversation you need to have with your CEO
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
 
2010 6 Things u need 2 know in 2010 Whitepaper Final
2010  6 Things u need 2 know in 2010 Whitepaper Final2010  6 Things u need 2 know in 2010 Whitepaper Final
2010 6 Things u need 2 know in 2010 Whitepaper Final
 

Dernier

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 

Dernier (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 

(Sony) Risk assignment final high profile security breach of Sony’s Playstation Network (PSN)

TABLE OF CONTENTS

DCU Business School Assignment Submission
Introduction
Company Overview
PSN Data Collection
High Profile Data Breach Incident
Why it happened
Sony’s Immediate Response
Policies Introduced as a Result
Any Recent Scandal
Vulnerabilities in Legislation
Conclusions
References/Literature
INTRODUCTION

It is anticipated that global e-commerce revenue will hit $963 billion by 2013, with predicted growth of 19% annually (Rao, L., 2011). This growth will undoubtedly see more consumers handing over personal financial data. With frequent high profile online security breaches jeopardising consumers’ information, the focus must be on what measures companies are taking to secure this data and what legislation exists to place obligations on commercial entities to meet acceptable standards of online security.

This report will explore the high profile security breach of Sony’s PlayStation Network (PSN) that led to millions of users’ personal and financial information being exposed. Focus will be placed on what occurred in the aftermath, analysing Sony’s response. An analysis will also be made of the damage, if any, that was done to the company’s corporate reputation, and of the measures that have been brought about to negate any damage done to the brand’s reputation and avoid such a scenario arising again. Finally, there will be a discussion as to the role of legislation in defining Sony’s legal responsibility with respect to this incident.

COMPANY OVERVIEW

Sony needs little introduction as one of the world’s leading digital entertainment brands, with a large portfolio of multimedia content. A key focus for Sony is its gaming division, Sony Computer Entertainment, a major video game company specialising in a variety of areas of the video game industry, which is the focus of this report. The PlayStation Network (PSN) is an online multiplayer gaming and digital media delivery service; in order to use the service, users are required to create an account.

PSN DATA COLLECTION

Sony collects data from its PlayStation Network account holders for the purpose of billing. Data collection is as follows:
• Name
• Address
• Country
• E-mail address
• Date of Birth
• PSN password and login name

Apart from this profile data, additional information is compiled internally, including purchase history, billing address and the security question answers to users’ accounts.

HIGH PROFILE DATA BREACH INCIDENT

On 19th April 2011 Sony discovered a security breach in its PlayStation Network (PSN), resulting in a temporary shutdown of service for users. Customers were unable to download any games or play online. Qriocity, Sony’s music and video streaming service, was also impacted (O’Brien, 2011). Hackers had exposed a weakness in the encryption system, obtaining the public key needed to run any software on the machines (Stuart, 2011). This breach was one of the most significant ever, with 77 million users put at risk of fraudulent activity via credit cards. The hackers stole users’ personal information which, if sold on through online black markets, had a potential worth of £100 million (Arthur and Stuart, 2011).

WHY IT HAPPENED

The attack on the Sony PlayStation Network was enabled by the lack of a random number in the algorithm utilised by the security system. This ultimately allowed the secret key used for the protection of digital content on the system to be discovered. This was a crucial mistake for Sony to make (Markoff, 2012).

The security practices in place in Sony also left much to be desired. The company failed to protect its networks by using firewalls. Sony was also using Web applications that were obsolete, making the company’s sites attractive targets for hacking activity. Outdated versions of the Apache Web server were in use and no patches had been applied on the PlayStation Network. There was no firewall running on the PlayStation Network servers (Rashid, 2011).

Within the Sony organisation, at board level, there were also problems and failings. There existed organisational complexity and a lack of adequate support for security. It is not known exactly what security measures Sony had in place prior to the breach. However, organisational complacency also played a role in the PlayStation Network attacks. Security entails more than adequate software and encryption; all aspects of the company require involvement: people, processes and technology (Boyd and Thomas, 2011).

SONY’S IMMEDIATE RESPONSE

The response from Sony to the PlayStation Network attack was far from ideal. It took until April 26th, a week after the event, for the company to admit that personal information had in fact been stolen and that credit card information had possibly also been taken. It took until day 11 for Sony executives to apologise, with the CEO Howard Stringer still remaining publicly silent. Clear communication, transparency and direction to customers were lacking following the security breach. On May 6th an apology from Stringer finally came. The company would offer all its PlayStation Network customers free credit for a year and monitoring for ID theft (Noer, 2011).

New security measures were implemented by the company. It consulted with security experts to strengthen the safeguards against unauthorised activity and to protect the personal information of its customers. The new security systems put in place included software monitoring, penetration and vulnerability testing. Increased encryption and firewalls were also put in place. Symantec worked with Sony to improve this security and relocate the network to another data center. The company also recognised the need for improved management (Takahashi, 2011).
POLICIES INTRODUCED AS A RESULT

A few months after the attack, Sony Computer Entertainment created a new position, Chief Information Security Officer (CISO), and appointed Philip Reitinger, a former Microsoft executive and the director of the National Cyber Security Center at the US Department of Homeland Security, to this position, responsible for “security of Sony's information assets and services”. His job is to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony (Source: Sony Corp. Info).

Sony also introduced a sentence in its Terms of Service asking users to agree not to take legal action against Sony in court (Source: Section 15, Terms of Service, Sony Entertainment Network). This was criticised by the public; however, Sony claimed that it was for the benefit of both Sony itself and the customers.

ANY RECENT SCANDAL

Even after Sony claimed that its level of data protection had increased, it still remained the target of several security breaches.

1. June 2011: An SQL injection attack by the hacking group LulzSec against Sony Pictures disclosed personal information of over 1 million Sony customers.
2. June 2011: Just a few days after the SQL injection attack, the same group targeted Sony’s developer network and posted details of Sony BMG network maps from a New York City office and 54MB of Sony developer source code.
3. October 2011: A brute-force attack broke into 93,000 PlayStation and Sony network accounts.
4. January 2012: Attacks against several websites operated by Sony, in response to the corporation’s support of the US Stop Online Piracy Act (SOPA).

VULNERABILITIES IN LEGISLATION

European Regulations
In Europe, security breaches of this nature fall under data protection and privacy regulation, which the European Commission leaves to each EU member state, unlike Europe’s antitrust regulation, which is centralised. In the aftermath of Sony’s breach, a number of European countries launched independent investigations. The power of the centralised approach is that the European Commission can issue multibillion euro fines to companies found in breach, which it has successfully done in the past to companies like Microsoft and Intel.

In the United Kingdom, the Information Commissioner’s Office (ICO) has the power to fine Sony up to £500,000 if it finds that individuals were ‘seriously affected’. However, one year on from the breach, a decision on whether Sony will be fined is not due until early May 2012, according to the ICO website.

In Ireland, the Data Protection Commissioner contacted Sony Ireland and requested that the company prepare a full report disclosing the risk posed to its Irish customers. The fact that Irish regulation did not require the Data Protection Commissioner to launch an independent investigation (despite the high profile nature of the breach) indicates a vulnerability in Irish data protection regulation. Sony was never ordered to pay a fine in Ireland and, despite investigations in countries including Spain, France, Germany and the Czech Republic, no country has yet issued a fine.

Although there are European member states that would be unwilling to relinquish control of their data protection regulations, it must be highlighted that the lack of centralisation means that serious security breaches involving consumer data are occurring without any damaging financial penalties being imposed on the company. With few implications or consequences in place for breaches of this magnitude, it could be argued that there is also little motivation for companies to invest heavily in security and policies that would protect their consumer data.

This breach ignited new discussions in Europe regarding the extension of current data protection laws beyond the telecommunications industry. These laws, known as the E-Privacy Directive, currently affect the telecommunication industry and require telecom networks in the EU to make a swift, mandatory disclosure about a data breach. On the proposed extension to the directive, Matthew Newman, a spokesman for the EU Justice Commissioner, was quoted as saying ‘they will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’.

CONCLUSIONS

The Sony case has taught different people many lessons. Given our interest in risks and how they relate to consumer information and data breaches, this remains an important case to study. The terms of a company’s duty to disclose have been more closely scrutinised by regulators worldwide given the large fraud-related concerns. This was primarily due to Sony’s poor response to inquiries during the crisis. More lenient legal constructs (like California’s) regarding obligations to inform customers and clients of data breaches have become more noticeably in need of reform for consumer and fraud protection. However, what actually changes at the American federal and European intergovernmental level is still up in the air.

REFERENCES/LITERATURE

Arthur, C. and Stuart, K. 2011. PlayStation Network users fear identity theft after major data leak [Online]. Available from: http://www.guardian.co.uk/technology/2011/apr/27/playstation-users-identity-theft-data-leak?INTCMP=ILCNETTXT3487 [Accessed April 2012].

Boyd, C. and Thomas, S. 2011. Security lessons from the PlayStation Network breach [Online]. Available from: http://venturebeat.com/2011/09/22/security-lessons-from-the-playstation-network-breach/ [Accessed April 2012].

Markoff, J. 2012. Flaw Found in an Online Encryption Method [Online]. Available from: http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html?pagewanted=all [Accessed April 2012].

Noer, M. 2011. Sony Response to PlayStation Security Breach Abysmal [Online]. Available from: http://web.ebscohost.com.remote.library.dcu.ie/ehost/detail?vid=3&hid=19&sid=8911fbf4-838c-4cfd-b915-9a6091edff44%40sessionmgr14&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bth&AN=65258326 [Accessed April 2012].

O’Brien, C. 2011. Sony’s PlayStation network hacked [Online]. Available from: http://www.irishtimes.com/newspaper/breaking/2011/0427/breaking2.html [Accessed April 2012].

Rao, Lenna, 2011. “J.P. Morgan: Global E-Commerce Revenue To Grow By 19 Percent In 2011 To $680B”, TechCrunch [Online]. http://techcrunch.com/2011/01/03/j-p-morgan-global-e-commerce-revenue-to-grow-by-19-percent-in-2011-to-680b/

Rashid, F.Y. 2011. Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony [Online]. Available from: http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/ [Accessed April 2012].

Stuart, K. 2011. PlayStation 3 hack – how it happened and what it means [Online]. Available from: http://www.guardian.co.uk/technology/gamesblog/2011/jan/07/playstation-3-hack-ps3?intcmp=239 [Accessed April 2012].

Takahashi, D. 2011. Will PlayStation Network’s improved security be good enough? [Online]. Available from: http://venturebeat.com/2011/05/14/will-the-improved-security-for-playstation-network-be-good-enough/ [Accessed April 2012].

Sony’s Response to the U.S. House of Representatives, 04 May, 2011, Posted by Patrick Seybold – Sr. Director, Corporate Communications & Social Media, PlayStation Blog, URL: http://blog.us.playstation.com/2011/05/04/sonys-response-to-the-u-s-house-of-representatives/

Philip R. Reitinger is Named Senior Vice President and Chief Information Security Officer, Sony Corporation, Sony Corp. Info., News Releases, September 6, 2011, URL: http://www.sony.net/SonyInfo/News/Press/201109/11-109E/index.html

Terms of Service, Sony Entertainment Network, URL: www.sonyentertainmentnetwork.com/terms-of-service/