Risk presentation Sony 2012 The PlayStation Network Security Breach
Published in: Education, Technology

  1. Focus on Sony: The PlayStation Network Security Breach
     • IS510
     • JAMES DELLINGER, GRAINNE MALONE, JENNIFER MURPHY, RAN ZHANG
  2. Overview
     • Focus on Sony
     • What data do they collect?
     • High Profile Breach – What Happened and Why?
     • The Aftermath
       • Sony’s Response
       • Policies Introduced as a Result
       • What has Happened Since?
     • Vulnerabilities in Legislation
  3. Sony
     • World’s leading digital entertainment brands, with a large portfolio of multimedia content.
     • Sony Computer Entertainment
     • The PlayStation Network (PSN)
  4. PSN Data Collection
     • Name
     • Address
     • Country
     • E-mail address
     • Date of Birth
     • PSN password and login name
     • Credit Card Details
     • Purchase History
     • Answers to Users’ Security Questions
  5. What Happened?
     • Security Breach in PlayStation Network
     • Shutdown of service
     • 77 million users put at risk
     • Personal information stolen
  6. Security Issues
     • Weak security system
     • Lack of random number in algorithm
     • Lack of Firewalls
     • Obsolete web applications
     • Lack of Management support
  7. Response from Sony?
     • Very slow reaction time
     • Poor communication
     • Lack of transparency
     • Lack of direction
  8. Measures Introduced
     • Software monitoring
     • Penetration and Vulnerability testing
     • Encryption
     • Firewalls
     • Security personnel
  9. Creation of a New Position - CISO
     • “to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation
  10. Number of Actions Taken
     • Moved PSN server to a new, more secure and unnamed location
     • Enhanced levels of data protection and encryption
     • Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns
     • Additional firewalls
     • Established a new data center in an undisclosed location with increased security
  11. Changes of Terms of Service
     • September 2011 - No Suing Policy!
     • “Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.” - Section 15, Terms of Service, Sony Entertainment Network
  12. Recent Scandal?
  13. Ahhhhhh Not Again!!!
     • June 2011 – SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers.
     • June 2011 – an attack against Sony’s Developer Network posted 54MB of Sony developer source code.
     • October 2011 – brute-force attack broke into 93,000 PlayStation and Sony network accounts.
     • January 2012 – attack against several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).
  14. Issues with Legislation
     • Security breaches of this nature fall under data protection and privacy regulation, which the European Commission leaves to each EU member state, unlike Europe’s antitrust regulation, which is centralised.
     • United Kingdom - Information Commissioner’s Office (ICO)
     • Ireland - Data Protection Commissioner
  15. Future Legislation
     • E-Privacy Directive
     • A swift, mandatory disclosure about a data breach
     • EU Justice Commissioner: ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’
  16. Conclusion
     • What do you think?
     • Who do you blame?
     • What should be done?
