๐”– Scriptorium
โœฆ   LIBER   โœฆ
๐Ÿ“

Data Breaches: Crisis and Opportunity

โœ Scribed by Sherri Davidoff

Publisher
Addison-Wesley Professional
Year
2019
Tongue
English
Leaves
465
Edition
1
Category
Library
โฌ‡  Acquire This Volume

No coin nor oath required. For personal study only.

โœฆ Synopsis

"Data breaches are inevitable. It is said that there are two types of companies: those that have had a data breach and those that donโ€™t yet know they have had one. In preparing for that inevitability, Data Breaches: Crisis and Opportunity is an invaluable guide to the history of some of the most significant data breaches, to what you can do to ensure your firm does not become another statistic and, in the event it does happen, to minimize the damage of that breach." -- Ben Rothke, RSA Book of the Month Selection



Protect Your Organization Against Massive Data Breaches and Their Consequences

Data breaches can be catastrophic, but they remain mysterious because victims donโ€™t want to talk about them. In Data Breaches, world-renowned cybersecurity expert Sherri Davidoff shines a light on these events, offering practical guidance for reducing risk and mitigating consequences. Reflecting extensive personal experience and lessons from the worldโ€™s most damaging breaches, Davidoff identifies proven tactics for reducing damage caused by breaches and avoiding common mistakes that cause them to spiral out of control.

Youโ€™ll learn how to manage data breaches as the true crises they are; minimize reputational damage and legal exposure; address unique challenges associated with health and payment card data; respond to hacktivism, ransomware, and cyber extortion; and prepare for the emerging battlefront of cloud-based breaches.

  • Understand what you need to know about data breaches, the dark web, and markets for stolen data
  • Limit damage by going beyond conventional incident response
  • Navigate high-risk payment card breaches in the context of PCI DSS
  • Assess and mitigate data breach risks associated with vendors and third-party suppliers
  • Manage compliance requirements associated with healthcare and HIPAA
  • Quickly respond to ransomware and data exposure cases
  • Make better decisions about cyber insurance and maximize the value of your policy
  • Reduce cloud risks and properly prepare for cloud-based data breachesย  ย 

Data Breaches is indispensable for everyone involved in breach avoidance or response: executives, managers, IT staff, consultants, investigators, students, and more. Read it before a breach happens!

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

โœฆ Table of Contents

Cover
Title Page
Copyright Page
Contents
Preface
Acknowledgments
About the Author
Chapter 1 Dark Matters
1.1 Dark Breaches
1.1.1 What Is a Data Breach?
1.1.2 Unprotected Personal Information
1.1.3 Quantifying Dark Breaches
1.1.4 Undetected Breaches
1.1.5 Dark and Darker Breaches
1.2 Skewed Statistics
1.2.1 Public Records
1.2.2 Raise Your Hand if Youโ€™ve Had a Data Breach
1.2.3 Cybersecurity Vendor Data
1.3 Why Report?
1.4 Whatโ€™s Left Unsaid
Chapter 2 Hazardous Material
2.1 Data Is the New Oil
2.1.1 Secret Data Collection
2.1.2 The TRW Breach
2.2 The Five Data Breach Risk Factors
2.3 The Demand for Data
2.3.1 Media Outlets
2.3.2 Big Advertising
2.3.3 Big Data Analytics
2.3.4 Data Analytics Firms
2.3.5 Data Brokers
2.4 Anonymization and Renonymization
2.4.1 Anonymization Gone Wrong
2.4.2 Big Data Killed Anonymity
2.5 Follow the Data
2.5.1 Pharmacies: A Case Study
2.5.2 Data Skimming
2.5.3 Service Providers
2.5.4 Insurance
2.5.5 State Government
2.5.6 Cost/Benefit Analysis
2.6 Reducing Risk
2.6.1 Track Your Data
2.6.2 Minimize Your Data
2.7 Conclusion
Chapter 3 Crisis Management
3.1 Crisis and Opportunity
3.1.1 Incidents
3.1.2 Data Breaches Are Different
3.1.3 Recognizing Crises
3.1.4 The Four Stages of a Crisis
3.2 Crisis Communications, or Communications Crisis?
3.2.1 Image Is Everything
3.2.2 Stakeholders
3.2.3 The 3 Cโ€™s of Trust
3.2.4 Image Repair Strategies
3.2.5 Notification
3.2.6 Uberโ€™s Skeleton in the Closet
3.3 Equifax
3.3.1 Competence Concerns
3.3.2 Character Flaws
3.3.3 Uncaring
3.3.4 Impact
3.3.5 Crisis Communications Tips
3.4 Conclusion
Chapter 4 Managing DRAMA
4.1 The Birth of Data Breaches
4.1.1 Data Breaches: A New Concept Emerges
4.1.2 The Power of a Name
4.2 A Smoldering Crisis
4.2.1 The Identity Theft Scare
4.2.2 The Product Is . . . You
4.2.3 Valuable Snippets of Data
4.2.4 Knowledge-Based Authentication
4.2.5 Access Devices
4.3 Prodromal Phase
4.3.1 The Smoldering Crisis Begins . . .
4.3.2 Isnโ€™t It Ironic?
4.3.3 A Suspicious Phone Call
4.3.4 Hiding in Plain Sight
4.3.5 Recognize
4.3.6 Escalate
4.3.7 Investigate
4.3.8 Scope
4.4 Acute Phase
4.4.1 Ainโ€™t Nobody Here But Us Chickens
4.4.2 Just California . . . Really
4.4.3 . . . Oh, and Maybe 110,000 Other People
4.4.4 The Explosion
4.4.5 The Blame Game
4.4.6 That New Credit Monitoring Thing
4.4.7 Act Now, While Goodwill Lasts
4.5 Reducing Harm
4.5.1 Devalue the Data
4.5.2 Monitor and Respond
4.5.3 Implement Additional Access Controls
4.6 Chronic Phase
4.6.1 Call in the Experts
4.6.2 A Time for Introspection
4.6.3 Testifying before Congress
4.7 Resolution Phase
4.7.1 The New Normal
4.7.2 Growing Stronger
4.7.3 Changing the World
4.8 Before a Breach
4.8.1 Cybersecurity Starts at the Top
4.8.2 The Myth of the Security Team
4.9 Conclusion
Chapter 5 Stolen Data
5.1 Leveraging Breached Data
5.2 Fraud
5.2.1 From Fraud to Data Breaches
5.3 Sale
5.3.1 Selling Stolen Data
5.3.2 Asymmetric Cryptography
5.3.3 Onion Routing
5.3.4 Dark E-Commerce Sites
5.3.5 Cryptocurrency
5.3.6 Modern Dark Data Brokers
5.4 The Goods
5.4.1 Personally Identifiable Information
5.4.2 Payment Card Numbers
5.4.3 Data Laundering
5.5 Conclusion
Chapter 6 Payment Card Breaches
6.1 The Greatest Payment Card Scam of All
6.2 Impact of a Breach
6.2.1 How Credit Card Payment Systems Work
6.2.2 Consumers
6.2.3 Poor Banks
6.2.4 Poor Merchants
6.2.5 Poor Payment Processors
6.2.6 Not-So-Poor Card Brands
6.2.7 Poor Consumers, After All
6.3 Placing Blame
6.3.1 Bulls-Eye on Merchants
6.3.2 Fundamentally Flawed
6.3.3 Security Standards Emerge
6.4 Self-Regulation
6.4.1 PCI Data Security Standard
6.4.2 A For-Profit Standard
6.4.3 The Man behind the Curtain
6.4.4 PCI Confusion
6.4.5 QSA Incentives
6.4.6 Fines
6.5 TJX Breach
6.5.1 Operation Get Rich or Die Tryinโ€™
6.5.2 Point-of-Sale Vulnerabilities
6.5.3 Green Hat Enterprises
6.5.4 The New Poster Child
6.5.5 Whoโ€™s Liable?
6.5.6 Struggles with Security
6.5.7 TJX Settlements
6.5.8 Data Breach Legislation 2.0
6.6 The Heartland Breach
6.6.1 Heartland Gets Hacked
6.6.2 Retroactively Noncompliant
6.6.3 Settlements
6.6.4 Making Lemonade: Heartland Secure
6.7 PCI and Data Breach Investigations
6.7.1 PCI Forensic Investigators
6.7.2 Attorney-Client Privilege
6.8 Conclusion
Chapter 7 Retailgeddon
7.1 Accident Analysis
7.1.1 Pileup
7.1.2 Small Businesses Under Attack
7.1.3 Attacker Tools and Techniques
7.2 An Ounce of Prevention
7.2.1 Two-Factor Authentication
7.2.2 Vulnerability Management
7.2.3 Segmentation
7.2.4 Account and Password Management
7.2.5 Encryption/Tokenization
7.3 Targetโ€™s Response
7.3.1 Realize
7.3.2 The Krebs Factor
7.3.3 Communications Crisis
7.3.4 Home Depot Did a Better Job
7.4 Ripple Effects
7.4.1 Banks and Credit Unions
7.4.2 Widespread Card Fraud
7.4.3 To Reissue or Not to Reissue?
7.5 Chip and Scam
7.5.1 Alternate Payment Solutions
7.5.2 Card Brands Push Back
7.5.3 Changing the Conversation
7.5.4 Preventing Data Breaches . . . Or Not
7.5.5 Who Owns the Chip?
7.5.6 Public Opinion
7.5.7 Worth It?
7.5.8 No Chip, Please Swipe
7.6 Legislation and Standards
7.7 Conclusion
Chapter 8 Supply Chain Risks
8.1 Service Provider Access
8.1.1 Data Storage
8.1.2 Remote Access
8.1.3 Physical Access
8.2 Technology Supply-Chain Risks
8.2.1 Software Vulnerabilities
8.2.2 Hardware Risks
8.2.3 Hacking Technology Companies
8.2.4 Suppliers of Suppliers
8.3 Cyber Arsenals
8.3.1 Weapons Turned
8.3.2 Calls for Disarmament
8.4 Conclusion
Chapter 9 Health Data Breaches
9.1 The Public vs. the Patient
9.1.1 Gaps in Protection
9.1.2 Data Breach Perspectives
9.2 Bulls-Eye on Healthcare
9.2.1 Data Smorgasbord
9.2.2 A Push for Liquidity
9.2.3 Retention
9.2.4 A Long Shelf Life
9.3 HIPAA: Momentous and Flawed
9.3.1 Protecting Personal Health Data
9.3.2 HIPAA Had โ€œNo Teethโ€
9.3.3 The Breach Notification Rule
9.3.4 Penalties
9.3.5 Impact on Business Associates
9.4 Escape from HIPAA
9.4.1 Trading Breached Data
9.4.2 Mandated Information Sharing
9.4.3 Deidentification
9.4.4 Reidentification
9.4.5 Double Standards
9.4.6 Beyond Healthcare
9.5 Health Breach Epidemic
9.5.1 More Breaches? Or More Reporting?
9.5.2 Complexity: The Enemy of Security
9.5.3 Third-Party Dependencies
9.5.4 The Disappearing Perimeter
9.6 After a Breach
9.6.1 Whatโ€™s the Harm?
9.6.2 Making Amends
9.6.3 Health Breach Lawsuits
9.6.4 Learning from Medical Errors
9.7 Conclusion
Chapter 10 Exposure and Weaponization
10.1 Exposure Breaches
10.1.1 Motivation
10.1.2 Doxxing
10.1.3 Anonymous
10.1.4 WikiLeaks
10.1.5 Weaponization
10.2 Response
10.2.1 Verify
10.2.2 Investigate
10.2.3 Data Removal
10.2.4 Public Relations
10.3 MegaLeaks
10.3.1 Manningโ€™s Crime
10.3.2 Caught!
10.3.3 Cooperation: A New Model
10.3.4 Drowning in Data
10.3.5 Redaction
10.3.6 Data Products
10.3.7 Timed and Synchronized Releases
10.3.8 Takedown Attempts Backfire
10.3.9 Distribution
10.3.10 Punishment Backfires
10.3.11 Copycats
10.3.12 Consequences
10.4 Conclusion
Chapter 11 Extortion
11.1 Epidemic
11.1.1 Definition
11.1.2 Maturation
11.2 Denial Extortion
11.2.1 Ransomware
11.2.2 Encryption and Decryption
11.2.3 Payment
11.2.4 World Domination
11.2.5 Is Ransomware a Breach?
11.2.6 Response
11.3 Exposure Extortion
11.3.1 Regulated Data Extortion
11.3.2 Sextortion
11.3.3 Intellectual Property
11.3.4 Response
11.4 Faux Extortion
11.4.1 Case Study: NotPetya
11.4.2 Response
11.5 Conclusion
Chapter 12 Cyber Insurance
12.1 Growth of Cyber Insurance
12.2 Industry Challenges
12.3 Types of Coverage
12.4 Commercial Off-the-Shelf Breach Response
12.4.1 Assessing Breach Response Teams
12.4.2 Confidentiality Considerations
12.5 How to Pick the Right Cyber Insurance
12.5.1 Involve the Right People
12.5.2 Inventory Your Sensitive Data
12.5.3 Conduct a Risk Assessment
12.5.4 Review Your Existing Coverage
12.5.5 Obtain Quotes
12.5.6 Review and Compare Quotes
12.5.7 Research the Insurer
12.5.8 Choose!
12.6 Leverage Your Cyber Insurance
12.6.1 Develop
12.6.2 Realize
12.6.3 Act
12.6.4 Maintain
12.6.5 Adapt
12.7 Conclusion
Chapter 13 Cloud Breaches
13.1 Risks of the Cloud
13.1.1 Security Flaws
13.1.2 Permission Errors
13.1.3 Lack of Control
13.1.4 Authentication Issues
13.2 Visibility
13.2.1 Business Email Compromise (BEC)
13.2.2 Evidence Acquisition
13.2.3 Ethics
13.3 Intercepted
13.3.1 The Beauty of End-to-End Encryption
13.3.2 The Ugly Side of End-to-End Encryption
13.3.3 Large-Scale Monitoring
13.3.4 Investment in Encryption
13.4 Conclusion
Afterword
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Y
Z

๐Ÿ“œ SIMILAR VOLUMES

Data Breaches: Crisis and Opportunity
๐Ÿ“ Data Breaches: Crisis and Opportunity
โœ Sherri Davidoff ๐Ÿ“‚ Library ๐Ÿ“… 2020 ๐Ÿ› Addison-Wesley Professional ๐ŸŒ English

<span><div><p><b>Protect Your Organization Against Massive Data Breaches and Their Consequences</b><br/><br/>Data breaches can be catastrophic, but they remain mysterious because victims don't want to talk about them. In <i><b>Data Breaches,</b></i> world-renowned cybersecurity expert Sherri Davidof

Data breaches: crisis and opportunity
๐Ÿ“ Data breaches: crisis and opportunity
โœ Davidoff, Sherri ๐Ÿ“‚ Library ๐Ÿ“… 2019;2020 ๐Ÿ› Addison-Wesley Professional ๐ŸŒ English

Protect Your Organization Against Massive Data Breaches and Their ConsequencesData breaches can be catastrophic, but they remain mysterious because victims donโ€™t want to talk about them. InData Breaches,world-renowned cybersecurity expert Sherri Davidoff shines a light on these events, offering prac

Data Science and Data Analytics: Opportu
๐Ÿ“ Data Science and Data Analytics: Opportunities and Challenges
โœ Amit Kumar Tyagi ๐Ÿ“‚ Library ๐Ÿ“… 2021 ๐Ÿ› Chapman and Hall/CRC ๐ŸŒ English

<p>Data science is a multi-disciplinary field that uses scientific methods, processes, algorithms and systems to extract knowledge and insights from structured (labelled) and unstructured (unlabelled) data. It is the future of Artificial Intelligence (AI) and the necessity of future to make things e

Data Science and Data Analytics: Opportu
๐Ÿ“ Data Science and Data Analytics: Opportunities and Challenges
โœ Amit Kumar Tyagi (editor) ๐Ÿ“‚ Library ๐Ÿ“… 2021 ๐Ÿ› Chapman and Hall/CRC ๐ŸŒ English

<p>Data science is a multi-disciplinary field that uses scientific methods, processes, algorithms, and systems to extract knowledge and insights from structured (labeled) and unstructured (unlabeled) data. It is the future of Artificial Intelligence (AI) and a necessity of the future to make things

Data Mining: Opportunities and Challenge
๐Ÿ“ Data Mining: Opportunities and Challenges
โœ John Wang ๐Ÿ“‚ Library ๐Ÿ“… 2003 ๐ŸŒ English

Data Mining: Opportunities and Challenges presents an overview of the state of the art approaches in this new and multidisciplinary field of data mining. The primary objective of this book is to explore the myriad issues regarding data mining, specifically focusing on those areas that explore new me

Big Data : Opportunities and challenges
๐Ÿ“ Big Data : Opportunities and challenges
โœ The Chartered Institute for IT BCS; Chartered Institute for IT BCS Staff; Keith ๐Ÿ“‚ Library ๐Ÿ“… 2014 ๐Ÿ› BCS Learning & Development Limited ๐ŸŒ English

Despite the current hype around big data, there is no denying that its potential to benefit organisations, businesses and customers is enormous. The articles in this ebook aim to give practical guidance for all those who want to understand big data better and learn how to make the most of it. Topics