Risk presentation Sony 2012 The PlayStation Network Security Breach
Published in: Education, Technology
Transcript

  • 1. Focus on Sony: The PlayStation Network Security Breach
      • IS510
      • JAMES DELLINGER, GRAINNE MALONE, JENNIFER MURPHY, RAN ZHANG
  • 2. Overview
      • Focus on Sony
      • What data do they collect?
      • High Profile Breach – What Happened and Why?
      • The Aftermath
          • Sony’s Response
          • Policies Introduced as a Result
          • What has Happened Since?
      • Vulnerabilities in Legislation
  • 3. Sony
      • World’s leading digital entertainment brands, with a large portfolio of multimedia content.
      • Sony Computer Entertainment
      • The PlayStation Network (PSN)
  • 4. PSN Data Collection
      • Name
      • Address
      • Country
      • E-mail address
      • Date of Birth
      • PSN password and login name
      • Credit Card Details
      • Purchase History
      • Answers to Users’ Security Questions
  • 5. What Happened?
      • Security Breach in PlayStation Network
      • Shutdown of service
      • 77 million users put at risk
      • Personal information stolen
  • 6. Security Issues
      • Weak security system
      • Lack of random number in algorithm
      • Lack of Firewalls
      • Obsolete web applications
      • Lack of Management support
  • 7. Response from Sony?
      • Very slow reaction time
      • Poor communication
      • Lack of transparency
      • Lack of direction
  • 8. Measures Introduced
      • Software monitoring
      • Penetration and Vulnerability testing
      • Encryption
      • Firewalls
      • Security personnel
  • 9. Creation of a New Position - CISO
      • “to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation
  • 10. Number of Actions Taken
      • Moved PSN server to a new, more secure and unnamed location
      • Enhanced levels of data protection and encryption
      • Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns
      • Additional firewalls
      • Established a new data center in an undisclosed location with increased security
  • 11. Changes of Terms of Service
      • September 2011 - No Suing Policy!
      • “Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.” - Section 15, Terms of Service, Sony Entertainment Network
  • 12. Recent Scandal?
  • 13. Ahhhhhh Not Again!!!
      • June 2011 – SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers
      • June 2011 – an attack against Sony’s Developer Network posted 54MB of Sony developer source code.
      • October 2011 – brute-force attack broke into 93,000 PlayStation and Sony network accounts
      • January 2012 – attack against several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).
  • 14. Issues with Legislation
      • Security breaches of this nature fall under data protection and privacy regulation, which the European Commission leaves to each EU member state, unlike Europe’s antitrust regulation, which is centralised.
      • United Kingdom - Information Commissioner’s Office (ICO)
      • Ireland - Data Protection Commissioner
  • 15. Future Legislation
      • E-Privacy Directive
          • A swift, mandatory disclosure about a data breach
      • EU Justice Commissioner: ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’
  • 16. Conclusion
      • What do you think?
      • Who do you blame?
      • What should be done?
