Focus on Sony:
The PlayStation Network
    Security Breach

 IS510

 JAMES DELLINGER
 GRAINNE MALONE
 JENNIFER MURPHY
 RAN ZHANG
Overview

 Focus on Sony
 What data do they Collect?
 High Profile Breach – What Happened and Why?
 The Aftermath
   Sony’s Response
   Policies Introduced as a Result
   What has Happened Since?
 Vulnerabilities in Legislation
Sony

 One of the world’s leading digital entertainment brands, with a large
  portfolio of multimedia content.

 Sony Computer Entertainment

 The PlayStation Network (PSN)
PSN Data Collection

 Name
 Address
 Country
 E-mail address
 Date of Birth
 PSN password and login name
 Credit Card Details
 Purchase History
 Answers to Users’ Security Questions
What Happened?


 Security Breach in PlayStation Network


 Shutdown of service


 77 million users put at risk


 Personal information stolen
Security Issues

 Weak security system


 Lack of random number in algorithm


 Lack of Firewalls


 Obsolete web applications


 Lack of Management support
Response from Sony?


 Very slow reaction time


 Poor communication


 Lack of transparency


 Lack of direction
Measures Introduced

 Software monitoring


 Penetration and Vulnerability testing


 Encryption


 Firewalls


 Security personnel
Creation of a New Position - CISO

“to oversee information security, privacy and internet safety across the
company, coordinating closely with key headquarters groups and working in
partnership with the information security community to bring the best
ideas and approaches to Sony.”
                 – Sony Corporation
Number of Actions Taken

 Moved PSN server to a new, more secure and unnamed
 location
 Enhanced levels of data protection and encryption

 Enhanced ability to detect software intrusions,
 unauthorized access and unusual activity patterns
 Additional firewalls

 Established a new data center in an undisclosed
 location with increased security
Changes of Terms of Service

 September 2011 - No Suing Policy!

“Other than those matters listed in the Exclusions from
Arbitration clause, you and the Sony Entity that you have a
Dispute with agree to seek resolution of the Dispute only
through arbitration of that Dispute in accordance with the
terms of this Section 15, and not litigate any Dispute in
court. Arbitration means that the Dispute will be resolved by
a neutral arbitrator instead of in a court by a judge or jury.”
                 - Section 15, Terms of Service, Sony Entertainment Network
Recent Scandal?
Ahhhhhh Not Again!!!

 June 2011 - SQL injection attack against Sony
 Pictures disclosed personal information of over 1
 million Sony customers
 June 2011 – an attack against Sony’s Developer
 Network posted 54MB of Sony developer source code.
 October 2011 – Brute-force attack broke into
 93,000 PlayStation and Sony network accounts
 January 2012 – attack against several websites
 operated by Sony for the corporation’s support of the
 US Stop Online Piracy Act (SOPA).
Issues with Legislation

 Security breaches of this nature fall under data protection and privacy
 regulation, which the European Commission leaves to each EU member
 state, unlike Europe’s antitrust regulation, which is centralised.

 United Kingdom - Information Commissioner’s
 Office (ICO)

 Ireland - Data Protection Commissioner
Future Legislation

 E-Privacy Directive
   A swift, mandatory disclosure about a data breach



 EU Justice Commissioner
 ‘They will modernize rules dating from 1995, and
could expand to e-banking, online shopping or the
personal data field’
Conclusion

 What do you think? Who do you blame?
 What should be done?

Risk presentation Sony 2012 The PlayStation Network Security Breach
