
Daniel J. Solove - Breached!: Why Data Security Law Fails and How to Improve It

Year: 2022. Publisher: Oxford University Press. Genre: Politics.


Breached!: Why Data Security Law Fails and How to Improve It: summary, description and annotation


A novel account of how the law contributes to the insecurity of our data and a bold way to rethink it. Digital connections permeate our lives - and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is alarming how difficult it is to create rules for securing our personal information. Despite the passage of many data security laws, data breaches are increasing at a record pace. In Breached!, Daniel Solove and Woodrow Hartzog, two of the world's leading experts on privacy and data security, argue that the law fails because, ironically, it focuses too much on the breach itself. Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn't address the many other actors that contribute to the problem: software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more. Although humans are the weakest link for data security, policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course by focusing on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a holistic vision for data security law - one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and works by accepting human limitations rather than being in denial of them. The book closes with a roadmap for how we can reboot law and policy surrounding data security.

Breached!

Oxford University Press is a department of the University of Oxford. It furthers the University's objective of excellence in research, scholarship, and education by publishing worldwide. Oxford is a registered trade mark of Oxford University Press in the UK and certain other countries.

Published in the United States of America by Oxford University Press

198 Madison Avenue, New York, NY 10016, United States of America.

© Daniel J. Solove and Woodrow Hartzog 2022

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of Oxford University Press, or as expressly permitted by law, by license, or under terms agreed with the appropriate reproduction rights organization. Inquiries concerning reproduction outside the scope of the above should be sent to the Rights Department, Oxford University Press, at the address above.

You must not circulate this work in any other form and you must impose this same condition on any acquirer.

CIP data is on file at the Library of Congress

ISBN 9780190940553

eISBN 9780190940577

To Pamela and Griffin - DJS

To Mom and Dad - WH

Sometimes the thing we are looking for is right in front of us and yet we still don't see it. A great novella by Gabriel Garcia Marquez called Chronicle of a Death Foretold begins with the vicious fatal stabbing of the main character. The rest of the story reveals that all the warning signs about the murder were in plain sight yet ignored by everyone. The murder was readily preventable - but, because of human nature, it was almost inevitable.

The story of most data breaches follows the same pattern. We have read about thousands of data breaches, and the moral of most of these stories boils down to the same thing: The breaches were preventable, but people made blunders. What is quite remarkable about these stories is that they haven't evolved that much in decades. The same mistakes keep happening again and again. After so many years, and so many laws to regulate data security, why haven't the stories changed?

Let us begin with a classic data breach tale involving one of the largest and most notable breaches of its time - the Target breach of 2013. The story has many of the common themes of data breach stories, and what makes it particularly fascinating is that it is a sinister version of a David-and-Goliath story. Target was Goliath, and it was well-fortified. With its extensive resources and defenses, Target was far more protected than most organizations. Yet, it still failed. This fact should send shivers down our spines.

In mid-December 2013, right in the middle of the holiday shopping season, executives at Target found out some dreaded news: Target had been hacked. It was cruel irony that the second-largest discount store chain in the United States quite literally had a target sign on it - Target's logo is a red and white bullseye. The hackers hit it with an arrow straight into the center.

Executives at Target learned about the breach from Department of Justice officials, who informed them that stolen data from Target was appearing online and that reports of fraudulent credit card charges were starting to pop up. Quite concerned, the Target executives immediately hired a forensics firm to investigate.

What they discovered was devastating. Target's computer system had been infected with malware, and there had been a data breach. It wasn't just a small breach, or a sizeable one, or even a big one - it was a breach of epic proportions.

Over the course of two weeks starting in November 2013, hackers had stolen detailed information for about 40 million credit and debit card accounts, as well as personal information on about 70 million Target customers. The hackers had begun to sell their tremendous data haul on black-market fraud websites.

The timing couldn't have been worse for Target. It suffered the single largest decline of holiday transactions since it first began reporting the statistic.

The pain was just beginning. On top of the lost profits, costs associated with the breach topped $200 million by mid-February 2014. These costs

What made this all the more unnerving for Target is that it had devoted quite a lot of time and resources to its information security. Target had more than 300 information security staff members. The company had maintained a large security operations center in Minneapolis, Minnesota, and had a team of security specialists in Bangalore that monitored its computer network 24/7. In May 2013 - just six months before the hack - Target had implemented expensive and sophisticated malware detection software from FireEye.

With all this security - an investment of millions of dollars, state-of-the-art security software, hundreds of security personnel, and round-the-clock monitoring - how did Target fail?

A common narrative told to the public is that this entire debacle could be traced to just one person who let the hackers slip in. In caper movies, the criminals often have an inside guy who leaves the doors open. But the person who let the hackers into Target wasn't even a Target employee and wasn't bent on mischief. The person worked for Fazio Mechanical, a Pennsylvania-based HVAC company, a third-party vendor hired by Target. The Fazio employee fell for a phishing trick and opened an attachment in a fraudulent email the hackers had sent to him. Hidden in the email attachment lurked the Citadel Trojan horse - a malicious software program that took root in Fazio's computers.

The Citadel Trojan horse was nothing novel - it was a variant of a well-known malware package called ZeuS and is readily detectable by any major enterprise anti-virus software. But Fazio lacked the massive security infrastructure that Target had, allowing the malware to remain undetected on the Fazio computers. Through the Trojan horse, the hackers obtained Fazio's log-in credentials for Target's system.

With access to Target, the hackers unleashed a different malware program, one they bought on the black market for just a few thousand dollars.

At first, the malware went undetected, and it began compiling millions of records during peak business hours. This data was being readied to be transferred to the hackers' location in Eastern Europe. But very soon, FireEye flagged the malware and issued an alert. Target's security team in Bangalore noted the alert and notified the security center in Minneapolis. But the red light was ignored.

FireEye flagged as many as five different versions of the malware. The alerts even provided the addresses for the staging ground servers, and a gaffe by the hackers meant that the malware code contained usernames and passwords for these servers, meaning Target security could have logged on and seen the stolen data for themselves.

With FireEye's red lights blinking furiously, the hackers began moving the stolen data on December 2, 2013. The malware continued to exfiltrate data freely for almost two weeks. Law enforcement officials from the Department of Justice contacted Target about the breach on December 12, armed not only with reports of fraudulent credit card charges, but also actual stolen data recovered from the dump servers, which the hackers had neglected to wipe.

The aftermath of the breach caused tremendous financial damage to Target. It remains unknown what the precise cost of the breach was, but an estimate in Target's annual report of March 2016 put the figure at $291 million.
