
Why Don't We Defend Better?: Data Breaches, Risk Management, and Public Policy PDF

119 Pages · 2019 · 2.084 MB


Why Don’t We Defend Better? Data Breaches, Risk Management, and Public Policy

Robert H. Sloan
Richard Warner

CRC Press, Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2020 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed on acid-free paper
International Standard Book Number-13: 978-0-8153-5662-2 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging-in-Publication Data
Names: Sloan, Robert H., author. | Warner, Richard, 1946- author.
Title: Why don’t we defend better? : data breaches, risk management, and public policy / Robert H. Sloan, Richard Warner.
Description: First edition. | Boca Raton, FL : CRC Press/Taylor & Francis Group, [2019]
Identifiers: LCCN 2019010377 | ISBN 9780815356622 (hardback : acid-free paper) | ISBN 9781351127301 (ebook)
Subjects: LCSH: Computer networks--Security measures--Government policy. | Computer security--Government policy. | Business--Data processing--Security measures. | Computer crimes--Risk assessment.
Classification: LCC TK5105.59 .S585 2019 | DDC 005.8--dc23
LC record available at https://lccn.loc.gov/2019010377

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Contents

Authors

Chapter 1 Introduction
    WHAT IS A DATA BREACH?
    FOUR EXAMPLES
    WHY DON’T WE DEFEND BETTER?
    THE LACK OF INFORMATION PROBLEM
    LEGAL REGULATION
    ENDNOTES

Chapter 2 Software Vulnerabilities
    DISTRIBUTION OF VULNERABILITIES OVER TYPES OF SOFTWARE
    SOURCES OF SOFTWARE DEFECTS
    THE “MAKE THEM LIABLE” REMEDY FOR SOFTWARE VULNERABILITIES AND ITS LIMITS
    LACK OF INFORMATION ABOUT COSTS AND PROBABILITIES
    CHANGING CONSUMER DEMAND
    A LEMONS MARKET FOR SOFTWARE?
    ARTIFICIAL INTELLIGENCE: A FUTURE SOLUTION?
    CONCLUSION
    ENDNOTES

Chapter 3 (Mis)Management: Failing to Defend against Technical Attacks
    (MIS)MANAGING SOFTWARE VULNERABILITIES
    KEEPING SOFTWARE UPDATED AND ACCOUNTED FOR: PATCHING AND INVENTORYING
    DATA DEFENSE: ENCRYPTION
    (MIS)MANAGING NETWORK DEFENSES
    SO HOW HARD IS IT FOR A LARGE ORGANIZATION TO MOUNT A GOOD TECHNICAL DEFENSE?
    CREATING AN INCENTIVE TO MANAGE BETTER
    ENDNOTES

Chapter 4 A Mandatory Reporting Proposal
    THE BUSINESS RISK MANAGEMENT GOAL
    MANDATORY REPORTING
    THE CONSUMER RISK MANAGEMENT GOAL
    DATA BREACH NOTIFICATION LAWS
    CONCLUSION
    ENDNOTES

Chapter 5 Outsourcing Security
    THE RISE OF MANAGED SECURITY SERVICE PROVIDERS (MSSPs)
    ARGUMENTS FOR OUTSOURCING
    MONITORING, MONETIZING, AND PRIVACY
    A CHANGING LANDSCAPE
    ENDNOTES

Chapter 6 The Internet of Things
    WHAT IS THE IoT?
    THREE IoT SECURITY ISSUES
    RECENT ATTACKS
    AN EVEN STRONGER CASE FOR OUTSOURCING
    THE MOTIVE TO MONETIZE INFORMATION
    ENDNOTES

Chapter 7 Human Vulnerabilities
    PHISHING
    EDUCATION AND TRAINING
    TECHNICAL DEFENSES TO PHISHING
    SECURITY MIND-SET MORE GENERALLY
    ENDNOTES

Chapter 8 Seeing the Forest: An Overview of Policy Proposals
    THE PROBLEM
    SUGGESTED SOLUTIONS
    A CHANGING LANDSCAPE
    ENDNOTES

Authors

Robert H. Sloan is a Professor and Head of the Department of Computer Science at the University of Illinois at Chicago (UIC). He has a BS in mathematics from Yale, and an SM and PhD in computer science from the Massachusetts Institute of Technology (MIT). He is a member of the U.S. Department of Homeland Security Privacy and Integrity Advisory Committee. In the early 2000s, he served as a Program Director at the National Science Foundation. In recent years, he has overseen the growth of the UIC Computer Science Department from 28 to 55 faculty (and growing). Dr. Sloan’s current scholarly work includes public policy issues in computer security and privacy as well as computer science education. In the past, he also worked in theoretical computer science and artificial intelligence. He has published over 100 articles, as well as a book he coauthored with Richard Warner, Unauthorized Access: The Crisis in Online Privacy and Information Security (Chapman & Hall/CRC Press, 2013).

Richard Warner is a Professor Norman and Edna Freehling Scholar, Chicago–Kent College of Law. He has a BA in English literature, Stanford University; PhD (philosophy), University of California, Berkeley; JD, University of Southern California, Los Angeles. He is the Faculty Director of Chicago–Kent’s Center for Law and Computers, the Cofounder and Director of the School of American Law, the Codirector of the Center for National Security and Human Rights, and the Head of the School of American Law,
