Cyber Insurance for Data Breaches
Márk Félegyházi
Laboratory of Cryptography and System Security (CrySyS Lab)
Department of Telecommunications
Budapest University of Technology and Economics
www.crysys.hu
Laboratory of Cryptography and System Security / CrySyS Adat- és Rendszerbiztonság Laboratórium / www.crysys.hu
Failure to protect data
2006 May – Department of Veterans Affairs – 28.6m name, SSN, DoB
2007 March – TJ Maxx – 94m credit and debit cards
2008 end – Heartland Payment Systems – 100m credit and debit card info
2011 April – Sony Online – 24.6m accounts
Is this going to continue?
Failure to protect data
AND Wall Street Journal, 2007 Sep 22:
Cost of breach is substantial
SME breach of 25000 records – cost of $4.16m
Sony breach of 77m records compromised
– $171m spent (May 24, 2011) on
– total costs?
  • $258 per record – $20.6 billion
  • conservative – $5.6 billion
Solution – Static audits
Payment Card Industry Data Security Standard (PCI DSS)
[Figure: content provider, users, Malice, auditor]
Proposal – Dynamic security monitoring + Insurance
[Figure: content provider, users, Malice, security company, cyber-insurance company]
Key points
• data value assessment
• design a clear data flow in system
• monitor data flow
• establish security
Márk Félegyházi, Crysys Lab, BME-HIT