
Insurability of Cyber Risks Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover

Insurability of Cyber Risks: Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover. David Piesse. 50th Anniversary IIS Annual Seminar, June 24th, 2014. Estonia | NATO Cyber Security. The symbol of Estonian Cyber Defense League. Estonia | Cyber defenses tested in 2007.





Presentation Transcript


  1. Insurability of Cyber Risks: Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover. David Piesse. 50th Anniversary IIS Annual Seminar, June 24th, 2014

  2. Estonia | NATO Cyber Security The symbol of Estonian Cyber Defense League

  3. Estonia | Cyber defenses tested in 2007

  4. The INTERNET was not really designed with an authentication layer! Sir Tim Dr. Vin Picture Source - New Data Ecologies – BNY Mellon

  5. Background | Data Integrity is Crucial for the Digital World

  6. Data Integrity is the Gaping Hole in Security. Target: A Confidentiality or Integrity Breach? Most people think the Target compromise was a breach of confidentiality. They are right: the end result was loss of customer credit card data. What they overlook is what caused the breach, which was an attack on integrity: a compromise of credit card database configuration(s), machine reader software, and security layer components that led to the loss of credit card information. New cyber security and data protection strategies are proposed to deliver above the current best practices, primarily focused on compliance and risk mitigation. They will inevitably focus on more confidentiality, encryption and perimeter defense, and they will likely not address the full model containing data integrity and leakage.

  7. Data Security Triad (Security Model). Confidentiality: Preventing the disclosure of information to unauthorized individuals or systems. Availability: Making sure that the computing systems, the security controls, and the communication channels are functioning correctly. Integrity: Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

  8. Data Security | Integrity and Data Breaches. Integrity brings auditability and transparency of evidence to governance frameworks that allows the citizen, public, and private sector to mutually audit each other’s activities in accordance with an agreed upon governance framework. Security Model: Confidentiality (preventing the disclosure of information to unauthorized individuals or systems), Availability, Integrity (maintaining and assuring the accuracy and consistency of data over its entire life-cycle).

  9. Background | Traditional Approach: BUILD A FENCE AROUND THE DATA (diagram labels: attacker, insider). Which has fundamental flaws: you can’t be 100% sure the fence is working (no instrumentation); supervisors, courts and the public have no transparency; cloud computing means the perimeter blurs; over 50% of electronic fraud is conducted by insiders.

  10. Cloud Blurs the Perimeter. Perimeter control, trusted insiders, data in vaults, firewalls, IDS/IPS/DPI, SIEM/SEM etc. Perimeter control ??? Trusted insiders ??? Data in vaults ??? Where is my data ??? Who is accessing my data ??? Has the data changed ??? How can I trust the service provider ??? “Who Protects the Insurance Industry From the Protector”

  11. Fundamental Difference in Approaches. Traditional approach to data integrity: effort to make sure the fence is OK. Required approach to data integrity: effort to make sure the data is OK.

  12. Emergence of New Standards for Risk Mitigation and Warranty in the Insurance Industry Today

  13. Keyless Signature Infrastructure - KSI™ Concept: Equating Digital Assets to Physical Assets By Use of Standards in the Policy Wordings. Electronic Data + Keyless Signature = KSI-signed Electronic Data. The Keyless Signature is like an electronic stamp or digital fingerprint which enables the properties of the data to be verified using formal mathematical methods without relying on systems administrators and keys. KSI™ - EU Standard Founded in Estonia

  14. Active Data Integrity in the Cloud: Signed data; signature verification; alert, if verification fails.

  15. Snowden Would Never Have Been Able to Do What He Did if Data Logs Were Signed. Keyless Signature makes it impossible to lie. Governments and corporations and citizens get complete accountability and transparency as everything that happens can be independently verified.

  16. Use Case | Data Breach Lifecycle Management (timeline around the data breach incident). PRIOR TO BREACH: Reasonable and appropriate measures to manage future data breach incident. DURING BREACH: Alerting for rapid response and damage limitation. POST BREACH, Short Term: Forensic analysis. POST BREACH, Long Term: Subrogation mitigation and eDiscovery. Diagram: INPUT DATA, HASH FUNCTION, Hash Value (AXSJ76SNWCRVRVLFFAONRDNZG4VUSU2HAS7D).

  17. Veracity of Big Data – Avoiding Cyber Sub Prime. RISK NEXUS – Beyond Data Breaches. Global Interconnections of Cyber Risk. The Vulnerability of Things.

  18. DATA BREACH SOLUTION | Mitigate, Prevent, Warranty. The PRIMARY solution to a potential data breach is risk mitigation, prevention and best practice security standards on data integrity. The SECONDARY solution then is the insurance and reinsurance market. One cannot exist without the other, but we concentrate here on the primary solution to provide best practice and warranty to the secondary solution. This will lead to enterprise wide cyber cover, reduced legal reserving, subrogation control, precursor to cover, warranty for claim payment and supply chain risk mitigation. This means being equipped to operate in the new M2M and digital ecosystem and data ecology world.

  19. The Digital Futurescape • 1. Data Becomes a Tangible Asset • 2. Data via IFRS Appears on Balance Sheet • 3. Data - Rated, Taxed, Valued and Quantified • 4. Data Ownership Guaranteed and Attributable • 5. Data Integrity, Non Repudiation and Verifiable • 6. Data Asset Exchanges – Digital Ecosystem

  20. Thank You David Piesse +852 9858 6102 www.guardtime.com 50th Anniversary IIS Annual Seminar, June 24th, 2014
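
The sign, verify and alert loop from slides 14 to 16, as an added example that is not part of the presentation and is not Guardtime's KSI implementation: a simplified hash-tree scheme in which a batch of log records is reduced to one published root, and any record can later be checked with SHA-256 alone. The function names and the log lines are constructed for illustration.

```python
import hashlib

# Constructed sample log lines (not from the presentation).
LOG = [
    b"2014-06-24T09:00:01Z user=alice action=login",
    b"2014-06-24T09:02:17Z user=alice action=read file=claims.db",
    b"2014-06-24T09:05:40Z user=admin action=export file=claims.db",
    b"2014-06-24T09:06:02Z user=admin action=logout",
    b"2014-06-24T09:10:00Z user=bob action=login",
]

def _h(tag: bytes, data: bytes) -> bytes:
    # Distinct tags for leaves and inner nodes keep the two from being confused.
    return hashlib.sha256(tag + data).digest()

def sign_batch(records):
    """Build a hash tree; return (root, proofs). The root is what gets published."""
    levels = [[_h(b"\x00", r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        padded = cur + [cur[-1]] if len(cur) % 2 else cur  # pair odd node with itself
        levels.append([_h(b"\x01", padded[i] + padded[i + 1])
                       for i in range(0, len(padded), 2)])
    proofs = []
    for idx in range(len(records)):
        path, i = [], idx
        for level in levels[:-1]:
            sib = i ^ 1
            sibling = level[sib] if sib < len(level) else level[i]
            path.append((sibling, sib < i))  # True: sibling sits on the left
            i //= 2
        proofs.append(path)
    return levels[-1][0], proofs

def verify(record, path, root):
    """Recompute the root from one record and its sibling hashes; no key involved."""
    node = _h(b"\x00", record)
    for sibling, on_left in path:
        node = _h(b"\x01", sibling + node if on_left else node + sibling)
    return node == root

def audit(records, proofs, root):
    """Return indexes of records that fail verification (the alert step)."""
    return [i for i, (r, p) in enumerate(zip(records, proofs)) if not verify(r, p, root)]

if __name__ == "__main__":
    root, proofs = sign_batch(LOG)
    tampered = list(LOG)
    tampered[2] = b"2014-06-24T09:05:40Z user=admin action=read file=claims.db"
    print("intact log alerts:  ", audit(LOG, proofs, root))
    print("tampered log alerts:", audit(tampered, proofs, root))
```

The check is only as strong as the custody of the root: it has to be kept where the log's administrators cannot rewrite it, otherwise an insider can edit a record and recompute the tree.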
