The wave of data breaches raises two pressing questions: Why don't we defend our networks better? And, what practical incentives can we create to improve our defenses? Why Don't We Defend Better?: Data Breaches, Risk Management, and Public Policy answers those questions. It distinguishes three technical sources of data breaches corresponding to three types of vulnerabilities: software, human, and network. It discusses two risk management goals: business and consumer. The authors propose mandatory anonymous reporting of information as an essential step toward better defense, as well as a general reporting requirement. They also provide a systematic overview of data breach defense, combining technological and public policy considerations.
Features Explains why data breach defense is currently often ineffective Shows how to respond to the increasing frequency of data breaches Combines the issues of technology, business and risk management, and legal liability Discusses the different issues faced by large versus small and medium-sized businesses (SMBs) Provides a practical framework in which public policy issues about data breaches can be effectively addressed
1 Introduction 2 Software Vulnerabilities 3 (Mis)management: Failing to Defend Against Technical Attacks 4 A Mandatory Reporting Proposal 5 Outsourcing Security 6 The Internet of Things 7 Human Vulnerabilities 8 Seeing the Forest: An Overview of Policy Proposals
Robert H. Sloan, PhD, is a Professor and Head of the Department of Computer Science at the University of Illinois, Chicago. Richard Warner, PhD, is a Professor Norman and Edna Freehling Scholar at Chicago-Kent College of Law in Illinois.