SlideShare a Scribd company logo

Risk presentation Sony 2012 The PlayStation Network Security Breach

Download as PPTX, PDF
James Dellinger
James Dellinger

Focus on Sony: The PlayStation Network Security Breach Overview  Focus on Sony  What data do they Collect?  High Profile Breach – What Happened and Why?  The Aftermath Response  Policies Introduced as a Result  What has Happened Since?  Vulnerabilities in Legalisation  Sony’s Sony  World’s leading digital entertainment brands, with a large portfolio of multimedia content.  Sony Computer Entertainment  The PlayStatio

EducationTechnology
1 of 17
Focus on Sony: The PlayStation Network Security Breach IS510 JAMES DELLINGER GRAINNE MALONE JENNIFER MURPHY RAN ZHANG
Overview  Focus on Sony  What data do they Collect?  High Profile Breach – What Happened and Why?  The Aftermath  Sony’s Response  Policies Introduced as a Result  What has Happened Since?  Vulnerabilities in Legalisation
Sony  World’s leading digital entertainment brands, with a large portfolio of multimedia content.  Sony Computer Entertainment  The PlayStation Network (PSN)
PSN Data Collection  Name  Address  Country  E-mail address  Date of Birth  PSN password and login name  Credit Card Details  Purchase History  Answers to Users Security Questions
What Happened?  Security Breach in PlayStation Network  Shutdown of service  77 million users put at risk  Personal information stolen
Security Issues  Weak security system  Lack of random number in algorithm  Lack of Firewalls  Obsolete web applications  Lack of Management support
Response from Sony ?  Very slow reaction time  Poor communication  Lack of transparency  Lack of direction
Measures Introduced  Software monitoring  Penetration andVulnerability testing  Encryption  Firewalls  Security personnel
Creation of a New Position - CISO “ to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation
Number of Actions Taken  Moved PSN server to a new, more secure and unnamed location  Enhanced levels of data protection and encryption  Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns  Additional firewalls  Established a new data center in an undisclosed location with increased security
Changes of Terms of Service  September 2011 - No Suing Policy! “ Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.” - Section 15, Terms of Service, Sony Entertainment Network
Recent Scandal ?
Ahhhhhh Not Again!!!  June 2011 - SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers  June 2011 – an attack against Sony’s Developer Network posted 54MB of Sony developer source code.  October 2011 – Brute-force attack broken into 93,000 PlayStation and Sony network accounts  January 2012 – attack against a several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).
Issues with Legislation Security breaches of this nature fall under data protection and privacy regulation which the European Commission leaves to each EU member state unlike Europe’s antitrust regulation, which is centralised.  United Kingdom - Information Commissioner’s Office (ICO)  Ireland - Data Protection Commissioner
Future Legalisation  E-Privacy Directive  Aswift, mandatory disclosure about a data breach  EU Justice Commissioner ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’
Conclusion  What do you think? Who do you blame?  What should be done?

Recommended

Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysisnullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysisn|u - The Open Security Community
 
Cyber security basics
Cyber security basics Cyber security basics
Cyber security basics Rohit Srivastava
 
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)Lacoon Mobile Security
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 

Recommended

Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Wireless and mobile security
Wireless and mobile securityWireless and mobile security
Wireless and mobile securityPushkar Pashupat
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Security and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSecurity and Privacy challenges of the Internet of Things (IoT) | Sysfore
Security and Privacy challenges of the Internet of Things (IoT) | SysforeSysfore Technologies
 
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysisnullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysisn|u - The Open Security Community
 
Cyber security basics
Cyber security basics Cyber security basics
Cyber security basics Rohit Srivastava
 
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)
MobileCON 2013 – Attacks Aginst MDM Solutions (and What You Can Do About It)Lacoon Mobile Security
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 
Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Infomanjjb
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityMarketingArrowECS_CZ
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
C3 Cyber
C3 CyberC3 Cyber
C3 CyberDeepak Kumar (D3)
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects HelpNetwork Simulation Tools
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Cyberlaw
CyberlawCyberlaw
Cyberlawambadesuhas
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
Cyber security
Cyber security Cyber security
Cyber securityTanu Basoiya
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...Segun Ebenezer Olaniyan
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileSISA Information Security Pvt.Ltd
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation Ajith Reddy
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 

More Related Content

What's hot

Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Infomanjjb
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...Segun Ebenezer Olaniyan
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation Ajith Reddy
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 

What's hot (20)

Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012Cit101 social aspects_and_issues_of_the_internet spring 2012
Cit101 social aspects_and_issues_of_the_internet spring 2012
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crime
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Mobile Security Research Projects Help
Mobile Security Research Projects HelpMobile Security Research Projects Help
Mobile Security Research Projects Help
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber Security
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You Think
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected World
 
Cyber security
Cyber security Cyber security
Cyber security
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device Security
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
Hacking presentation
Hacking presentation Hacking presentation
Hacking presentation
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 

Similar to Risk presentation Sony 2012 The PlayStation Network Security Breach

(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
 
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...Jonathan Care
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?CPPGroup Plc
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aBright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aMark Henshaw
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011IbuSrikandi
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaIBM Danmark
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Somasundaram Jambunathan
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 

Similar to Risk presentation Sony 2012 The PlayStation Network Security Breach (20)

(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat... (Sony) Risk assignment final high profile security breach of Sony’s Playstat...
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019What i learned at the infosecurity isaca north america expo and conference 2019
What i learned at the infosecurity isaca north america expo and conference 2019
 
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 aBright talk intrusion prevention are we joking - henshaw july 2010 a
Bright talk intrusion prevention are we joking - henshaw july 2010 a
 
Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 

Risk presentation Sony 2012 The PlayStation Network Security Breach

  • 1. Focus on Sony: The PlayStation Network Security Breach IS510 JAMES DELLINGER GRAINNE MALONE JENNIFER MURPHY RAN ZHANG
  • 2. Overview  Focus on Sony  What data do they Collect?  High Profile Breach – What Happened and Why?  The Aftermath  Sony’s Response  Policies Introduced as a Result  What has Happened Since?  Vulnerabilities in Legalisation
  • 3. Sony  World’s leading digital entertainment brands, with a large portfolio of multimedia content.  Sony Computer Entertainment  The PlayStation Network (PSN)
  • 4. PSN Data Collection  Name  Address  Country  E-mail address  Date of Birth  PSN password and login name  Credit Card Details  Purchase History  Answers to Users Security Questions
  • 5. What Happened?  Security Breach in PlayStation Network  Shutdown of service  77 million users put at risk  Personal information stolen
  • 6. Security Issues  Weak security system  Lack of random number in algorithm  Lack of Firewalls  Obsolete web applications  Lack of Management support
  • 7. Response from Sony ?  Very slow reaction time  Poor communication  Lack of transparency  Lack of direction
  • 8. Measures Introduced  Software monitoring  Penetration andVulnerability testing  Encryption  Firewalls  Security personnel
  • 9. Creation of a New Position - CISO “ to oversee information security, privacy and internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony.” – Sony Corporation
  • 10. Number of Actions Taken  Moved PSN server to a new, more secure and unnamed location  Enhanced levels of data protection and encryption  Enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns  Additional firewalls  Established a new data center in an undisclosed location with increased security
  • 11. Changes of Terms of Service  September 2011 - No Suing Policy! “ Other than those matters listed in the Exclusions from Arbitration clause, you and the Sony Entity that you have a Dispute with agree to seek resolution of the Dispute only through arbitration of that Dispute in accordance with the terms of this Section 15, and not litigate any Dispute in court. Arbitration means that the Dispute will be resolved by a neutral arbitrator instead of in a court by a judge or jury.” - Section 15, Terms of Service, Sony Entertainment Network
  • 13. Ahhhhhh Not Again!!!  June 2011 - SQL injection attack against Sony Pictures disclosed personal information of over 1 million Sony customers  June 2011 – an attack against Sony’s Developer Network posted 54MB of Sony developer source code.  October 2011 – Brute-force attack broken into 93,000 PlayStation and Sony network accounts  January 2012 – attack against a several websites operated by Sony for the corporation’s support of the US Stop Online Piracy Act (SOPA).
  • 14. Issues with Legislation Security breaches of this nature fall under data protection and privacy regulation which the European Commission leaves to each EU member state unlike Europe’s antitrust regulation, which is centralised.  United Kingdom - Information Commissioner’s Office (ICO)  Ireland - Data Protection Commissioner
  • 15. Future Legalisation  E-Privacy Directive  Aswift, mandatory disclosure about a data breach  EU Justice Commissioner ‘They will modernize rules dating from 1995, and could expand to e-banking, online shopping or the personal data field’
  • 16.
  • 17. Conclusion  What do you think? Who do you blame?  What should be done?