Why Don't We Defend Better? Data Breaches, Risk Management, and Public Policy
Authors: Sloan Robert, Warner Richard
The wave of data breaches raises two pressing questions: Why don't we defend our networks better? And, what practical incentives can we create to improve our defenses? Why Don't We Defend Better?: Data Breaches, Risk Management, and Public Policy answers those questions. It distinguishes three technical sources of data breaches corresponding to three types of vulnerabilities: software, human, and network. It discusses two risk management goals: business and consumer. The authors propose mandatory anonymous reporting of information as an essential step toward better defense, as well as a general reporting requirement. They also provide a systematic overview of data breach defense, combining technological and public policy considerations.
Features
- Explains why data breach defense is currently often ineffective
- Shows how to respond to the increasing frequency of data breaches
- Combines the issues of technology, business and risk management, and legal liability
- Discusses the different issues faced by large versus small and medium-sized businesses (SMBs)
- Provides a practical framework in which public policy issues about data breaches can be effectively addressed
1 Introduction
2 Software Vulnerabilities
3 (Mis)management: Failing to Defend against Technical Attacks
4 A Mandatory Reporting Proposal
5 Outsourcing Security
6 The Internet of Things
7 Human Vulnerabilities
8 Seeing the Forest: An Overview of Policy Proposals
Robert H. Sloan, PhD, is a Professor and Head of the Department of Computer Science at the University of Illinois, Chicago.
Richard Warner, PhD, is a Professor and Norman and Edna Freehling Scholar at Chicago-Kent College of Law in Illinois.
Publication date: 03-2021
13.8x21.6 cm
Publication date: 07-2019
13.8x21.6 cm
Keywords:
Health Care Apps; Antivirus Software; cybersecurity; FTC Action; network security; IoT Device; data protection; Data Breaches; Equifax; Intrusion Detection Systems; hackers; Risk Management Goal; fraud; General Data Protection Regulation; legal liability; Intrusion Prevention Systems; risk management; POS System; public policy; Software Vulnerabilities; data breach defense; Outsourcing Security; Prevailing Industry Practices; Wyndham Hotels; Breach Notification Laws; Nest Camera; Multifactor Authentication; Pci Standard; Mandatory Reporters; Application Whitelisting; United States Computer Emergency Readiness; Lemons Market; POS Terminal; Insecure Software; Negligence Liability