Insurability of Cyber Risks: Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover
Insurability of Cyber Risks: Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover. David Piesse. 50th Anniversary IIS Annual Seminar, June 24th, 2014. Estonia | NATO Cyber Security. The symbol of Estonian Cyber Defense League. Estonia | Cyber defenses tested in 2007.


Presentation Transcript


Insurability of Cyber Risks: Emphasis on Data Integrity to Allow Enterprise Wide Cyber Cover

David Piesse

50th Anniversary IIS Annual Seminar, June 24th, 2014



Estonia | NATO Cyber Security

The symbol of Estonian Cyber Defense League



Estonia | Cyber defenses tested in 2007



The INTERNET was not really designed with an authentication layer!

Sir Tim

Dr. Vin

Picture Source - New Data Ecologies – BNY Mellon



Background | Data Integrity is Crucial for the Digital World



Data Integrity is the Gaping Hole in Security

Target: A Confidentiality or Integrity Breach?

Most people think the Target compromise was a breach of confidentiality. They are right: the end result was loss of customer credit card data. What they overlook is what caused the breach, which was an attack on integrity: a compromise of credit card database configuration(s), machine reader software, and security layer components that led to the loss of credit card information.

New cyber security and data protection strategies are proposed to deliver above the current best practices, primarily focused on compliance and risk mitigation. They will inevitably focus on more confidentiality, encryption and perimeter defense, and they will likely not address the full model containing data integrity and leakage.


Data Security Triad

Security Model

  • Confidentiality: Preventing the disclosure of information to unauthorized individuals or systems.

  • Availability: Making sure that the computing systems, the security controls, and the communication channels are functioning correctly.

  • Integrity: Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.


Data Security | Integrity and Data Breaches

Integrity brings auditability and transparency of evidence to governance frameworks that allows the citizen, public, and private sector to mutually audit each other’s activities in accordance with an agreed upon governance framework.

Security Model

  • Confidentiality: Preventing the disclosure of information to unauthorized individuals or systems.

  • Availability

  • Integrity: Maintaining and assuring the accuracy and consistency of data over its entire life-cycle.



Background | Traditional Approach

attacker

???

BUILD A FENCE AROUND THE DATA

Which has fundamental flaws…

…you can’t be 100% sure the fence is working (no instrumentation)

...supervisors, courts and the public have no transparency

…cloud computing means the perimeter blurs

…over 50% of electronic fraud is conducted by insiders

insider


Cloud Blurs the Perimeter

Perimeter control

Trusted insiders

Data in vaults

Firewalls

IDS/IPS/DPI

SIEM/SEM

etc...

Perimeter control ???

Trusted insiders ???

Data in vaults ???

Where is my data ???

Who is accessing my data ???

Has the data changed ???

How can I trust the service provider ???

“Who Protects the Insurance Industry From the Protector”


Fundamental Difference in Approaches

Traditional approach to data integrity: effort goes into making sure the fence is OK

Required approach to data integrity: effort goes into making sure the data is OK


Emergence of New Standards for Risk Mitigation and Warranty in the Insurance Industry Today


Keyless Signature Infrastructure - KSI™ Concept

Equating Digital Assets to Physical Assets

By Use of Standards in the Policy Wordings

Electronic Data + Keyless Signature = KSI-signed Electronic Data

The Keyless Signature is like an electronic stamp or digital fingerprint which enables the properties of the data to be verified using formal mathematical methods without relying on systems administrators and keys.

KSI™ - EU Standard Founded in Estonia


Active Data Integrity in the Cloud

Signed data

Signature verification

Alert, if verification fails
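
The sign, verify and alert loop on this slide, sketched as an added example that is not part of the presentation and is not Guardtime's KSI protocol or code: a hash tree over a batch of records whose root is assumed to be kept where an attacker cannot rewrite it, so each record can later be checked with hashes alone. The record contents and function names are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(records):
    """Return every level of the hash tree, leaves first, root last."""
    level = [h(b"\x00" + r) for r in records]        # 0x00 prefix marks a leaf
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:                           # odd count: pair last node with itself
            level = level + [level[-1]]
        level = [h(b"\x01" + level[i] + level[i + 1])  # 0x01 prefix marks an inner node
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes that link leaf `index` to the root (the record's 'signature')."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling >= len(level):                    # node was paired with itself
            sibling = index
        proof.append((level[sibling], index % 2 == 1))  # True: sibling sits on the left
        index //= 2
    return proof

def verify(record, proof, root):
    """Recompute the path from the record to the root using only hashes."""
    node = h(b"\x00" + record)
    for sibling, sibling_is_left in proof:
        node = h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return node == root

def audit(records, proofs, root):
    """Indices of records that fail verification: the alert list."""
    return [i for i, (r, p) in enumerate(zip(records, proofs)) if not verify(r, p, root)]

# Constructed sample records (not real data)
RECORDS = [b"policy=1001;limit=5000000", b"claim=77;paid=12000",
           b"user=admin;action=export", b"claim=78;paid=0", b"policy=1002;limit=250000"]
LEVELS = build_levels(RECORDS)
ROOT = LEVELS[-1][0]          # assumed to be published or stored out of the attacker's reach
PROOFS = [inclusion_proof(LEVELS, i) for i in range(len(RECORDS))]

if __name__ == "__main__":
    changed = list(RECORDS)
    changed[1] = b"claim=77;paid=92000"              # simulated tampering
    print("ALERT, records failing verification:", audit(changed, PROOFS, ROOT))
```

The check detects change but does not prevent it, and it is only as trustworthy as the stored root.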



Snowden Would Never Have Been Able to Do What He Did if Data Logs Were Signed

Keyless Signature makes it impossible to lie

Governments and corporations and citizens get complete accountability and transparency as everything that happens can be independently verified


Use Case | Data Breach Lifecycle Management

Data Breach Incident (over time)

  • PRIOR TO BREACH: Reasonable and appropriate measures to manage future data breach incident

  • DURING BREACH: Alerting for rapid response and damage limitation

  • POST BREACH, Short Term: Forensic analysis

  • POST BREACH, Long Term: Subrogation mitigation and eDiscovery

INPUT DATA

HASH FUNCTION

AXSJ76SNWCRVRVLFFAONRDNZG4VUSU2HAS7D

Hash Value



Veracity of Big Data – Avoiding Cyber Sub Prime

RISK NEXUS – Beyond Data Breaches

Global Interconnections of Cyber Risk

The Vulnerability of Things



DATA BREACH SOLUTION | Mitigate, Prevent, Warranty

The PRIMARY solution to potential data breach is risk mitigation, prevention and best practice security standards on data integrity.

The SECONDARY solution then is the insurance and reinsurance market.

Cannot have one without the other but we concentrate here on the primary solution to provide best practice and warranty to the secondary solution.

This will lead to enterprise wide cyber cover, reduced legal reserving, subrogation control, precursor to cover, warranty for claim payment and supply chain risk mitigation. This means being equipped to operate in the new M2M and digital ecosystem and data ecology world.



Th

  • 1. Data Becomes a Tangible Asset

  • 2. Data via IFRS Appears on Balance Sheet

  • 3. Data - Rated, Taxed, Valued and Quantified

  • 4. Data Ownership Guaranteed and Attributable

  • 5. Data Integrity, Non Repudiation and Verifiable

  • 6. Data Asset Exchanges – Digital Ecosystem

The Digital Futurescape



Thank You

David Piesse +852 9858 6102 www.guardtime.com
