Date posted: 01-Apr-2015
Cyber Insurance for Data Breaches
Márk Félegyházi
Laboratory of Cryptography and System Security (CrySyS Lab)
Department of Telecommunications
Budapest University of Technology and Economics
www.crysys.hu
Laboratory of Cryptography and System Security, CrySyS Adat- és Rendszerbiztonság Laboratórium, www.crysys.hu
Failure to protect data
• 2006 May – Department of Veteran Affairs – 28.6m name, SSN, DoB
• 2007 March – TJ Maxx – 94m credit and debit cards
• 2008 end – Heartland Payment Systems – 100m credit and debit card info
• 2011 April – Sony Online – 24.6m accounts
Is this going to continue?
Failure to protect data
AND Wall Street Journal, 2007 Sep 22:
Cost of breach is substantial
• SME breach of 25000 records – cost of $4.16m
• Sony breach of 77m records compromised
  – $171m spent (May 24, 2011) on
  – total costs?
    • $258 per record – $20.6 billion
    • conservative – $5.6 billion
Solution – Static audits
Payment Card Industry Data Security Standard (PCI DSS)
[Diagram: content provider, users, Malice, auditor]
Proposal – Dynamic security monitoring + Insurance
[Diagram: content provider, users, Malice, security company, cyber-insurance company]
Key points
• data value assessment
• design a clear data flow in system
• monitor data flow
• establish security
Márk Félegyházi, Crysys Lab, BME-HIT