

dc.contributor.author
Patias, Emmanouil - Panagiotis
en
dc.date.accessioned
2016-05-13T16:50:44Z
dc.date.available
2016-05-14T00:00:28Z
dc.date.issued
2016-05-13
dc.identifier.uri
https://repository.ihu.edu.gr//xmlui/handle/11544/14543
dc.rights
Default License
dc.subject
Data Breaches
en
dc.title
Calculation, Insurance and Risk Management for Data Breaches
en
heal.type
masterThesis
el
heal.creatorID.dhareID
Emmanouil Patias
heal.generalDescription
Nowadays, information exchange, in any format, is a main process which takes place worldwide, especially due to the abrupt spread of the Internet. Billions of Internet users (physical or virtual users) share their information via a chaotic grid, in which information may be transferred through numerous and various distinguished parts such as computers, servers, optical or coax cables, satellites etc. until it reaches the final destination. Information can be stored on a local computer or on a server and be exchanged among network users. It is obvious that we are going to deal with the information protection which is processed, transmitted among users and stored in digital format. This practice of defending information is called Information Security, and incidents where information is stolen by an unauthorized user or system are called Data Breaches, and more often the victims are companies and organizations. The attackers target sensitive and private data that can be valuable or their infringement can cause reputation and operation issues to the organization or company. As a result, a vital necessity for every organization that stores and processes sensitive or private data is to conduct research about countermeasures that can protect and ensure its overall business operation. However, there are many ambiguous and murky points when an organization does market research or wonders about the security level within the organization and the overall protection that the organization offers with respect to data that it possesses. For that reason, a web application is required, which will advise a company owner or a security manager and will help him or her to clarify all these grey areas about the necessity or not of continuous, dedicated and increasing Information Security policies which would lead to the development of a Data Breach security product whose aim is to maximize an organization’s existing security and its confidence.
en
heal.classification
Data Breaches Risk Management Data Insurance
en
heal.keywordURI.LCSH
Databases
heal.keywordURI.LCSH
Database management
heal.keywordURI.LCSH
Data protection
heal.keywordURI.LCSH
Cultural property--Protection--Data processing.
heal.keywordURI.LCSH
Computer security
heal.keywordURI.LCSH
Computer networks--Security measures
heal.language
en
el
heal.access
free
el
heal.license
http://creativecommons.org/licenses/by-nc/4.0
el
heal.references
[1] European Union Agency for Network and Information Security http://www.enisa.europa.eu
[2] BSI - Standard 100-1, Information Security Management Systems. http://www.bsi.bund.de/grundschutz
[3] Real World Business Technology www.tomsitpro.com
[4] http://perspectives.avalution.com
[5] Data Breach Investigation Reports 2011 (DBIR) (Verizon)
[6] asfalistikomarketing.gr
[7] https://report.kaspersky.com/
[8] Myth 2: The Greek companies do not face incidents of violation systems & data loss. Nikos Georgopoulos CyRM
[9] 2015 International Compendium of Data Privacy Laws, BakerHostetler
[10] Kaspersky Lab – Damage Control: The Cost of Security Breaches IT Security Risks Special Report Series
[11] Ponemon - 2014 Cost of Data Breach Study: Global Analysis
[12] Application of Dempster-Shafer theory in condition monitoring applications: Chinmay R. Parikh, Michael J. Pont and N. Barrie Jones Research Group Department of Engineering University of Leicester, UK
el
heal.recordProvider
School of Science and Technology, MSc in Information & Communication Technology Systems
el
heal.publicationDate
2016-05-13
heal.abstract
Nowadays, information exchange, in any format, is a main process which takes place worldwide, especially due to the abrupt spread of the Internet. Billions of Internet users (physical or virtual users) share their information via a chaotic grid, in which information may be transferred through numerous and various distinguished parts such as computers, servers, optical or coax cables, satellites etc. until it reaches the final destination. Information can be stored on a local computer or on a server and be exchanged among network users. It is obvious that we are going to deal with the information protection which is processed, transmitted among users and stored in digital format. This practice of defending information is called Information Security, and incidents where information is stolen by an unauthorized user or system are called Data Breaches, and more often the victims are companies and organizations. The attackers target sensitive and private data that can be valuable or their infringement can cause reputation and operation issues to the organization or company. As a result, a vital necessity for every organization that stores and processes sensitive or private data is to conduct research about countermeasures that can protect and ensure its overall business operation. However, there are many ambiguous and murky points when an organization does market research or wonders about the security level within the organization and the overall protection that the organization offers with respect to data that it possesses. For that reason, a web application is required, which will advise a company owner or a security manager and will help him or her to clarify all these grey areas about the necessity or not of continuous, dedicated and increasing Information Security policies which would lead to the development of a Data Breach security product whose aim is to maximize an organization’s existing security and its confidence.
en
heal.tableOfContents
ABSTRACT
CONTENTS
1 INTRODUCTION
2 INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
2.1 ISMS Framework / ISO Standards for IT
2.1.1 ISMS Framework
2.1.2 ISO standards for IT
2.2 Usefulness of an ISMS Management
2.2.1 Management Principles
2.2.2 IT: Continuous Development and Maintenance
2.2.3 Ways to Deploy and Improve Secure Business Networks
2.3 PDCA Model for ISMS.
3 DATA BREACHES AND CYBERSECURITY
3.1 What Data Breach Is and Its Effects
3.2 Data Breach – Threat Agents
3.2.1 External Factors
3.2.2 Internal Factors
3.2.3 Partners
3.2.4 Threat actions and Hacking Methods
3.3 Incomplete Data Security / Common Pitfalls
3.4 Discovering a Data Breach
3.4.1 Things that uncover security problems
3.4.2 Immediate and Necessary Actions
3.4.3 Averting Future Data Breaches
3.5 Cyber Security
3.5.1 Cybercrime
3.5.2 On-line Privacy
3.6 Differences between Cyber Security and Information Assurance.
4 RISK MANAGEMENT – RISK ASSESSMENT
4.1 Risk Assessment – Definition
4.2 Efficient Risk Assessment Fundamentals
4.3 Risk Assessment Case Study: Computer Software Company
4.3.1 Stage 1: Commencement
4.3.2 Stage 2: Operation and documentation
4.3.3 Stage 3: Collecting Data
4.3.4 Stage 4: Analysis
4.3.5 Stage 5: Final report and assurance that pre-agreed actions are applied.
4.4 Risk Management: Definition
4.4.1 Risk Management Cycle
4.4.2 Risk Management: Privacy
5 CYBER INSURANCE
5.1 Cyber Insurance in Greece: Perspectives
5.2 Security Limitations – Black Market Growth
5.3 Cyber Insurance: Evolution
5.4 Data Privacy and Data Protection in Greece
6 DB.EST (DATA BREACH ESTIMATION TOOL)
6.1 Application Presentation
6.1.1 Data Breach: probability/risk estimation
6.1.2 Data Breach Recovery Cost Calculation
6.2 Dempster – Shafer Theory
6.2.1 Application of the Dempster-Shafer theory to the Data Breach estimation.
6.2.2 Dempster – Shafer Scenarios / Validation
7 CONCLUSION
BIBLIOGRAPHY
9 APPENDIX: DB.EST
en
heal.advisorName
Katos, Vasilis
en
heal.committeeMemberName
Katos, Vasilis
en
heal.academicPublisher
IHU
en
heal.academicPublisherID
ihu
el
heal.numberOfPages
95
el

