Privacy Data Loss An Operational Risk Approach Michael Aiello Polytechnic University FE675 Operational Risk.

Slides:

Advertisements

Similar presentations

It is to determine risk from the balance sheet Presented by: Priscilla Wong ( ) Carmen Wong ( ) Carly Wong ( )

Advertisements

Credit Risk Plus November 15, 2010 By: A V Vedpuriswar.

II. Potential Errors In Epidemiologic Studies Random Error Dr. Sherine Shawky.

1 ACI Annual Audit Committee Survey - Global M A R K E T I N G & C O M M U N I C A T I O N S R E S E A R C H Charles Garbowski Research February 21, 2006.

Forecasting Computer Crime Complaints Adnan Omar Ada Kwanbunbumpen David Alijani.

Target Data Breach – Cost of the Learning Curve Discuss the recent Target data breach and its impact on the industry as well as individuals January 29/30,

Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com

Copyright Security-Assessment.com 2006 Protecting The Data Data security, compliance, disclosure requirements and what can happen if you get it wrong Presented.

ECONOMIC EVALUATION OF POLLUTION PREVENTION PROJECTS CHAPTER 11.

 Transaction  It is a business event for example a sale of inventory “Hall 2009”

Presenting DFA Results to Decision Makers Spring 2008 Midwest Actuarial Forum.

Center for Risk Management of Engineering Systems University of Virginia Linking the Economics of Cyber Security and Corporate Reputation Barry Horowitz.

Fundamentals and Terminology. Introduction Definitions and terms.

Classical Techniques: Statistics, Neighborhoods, and Clustering.

May 19, 2005 Managing a Global Catastrophe Portfolio CARe.

Principles of Safety. Introduction –Safety is no longer just the following of OSHA regulations –It is the coordination of all departments to produce the.

3rd Party Risk Categorization Process

© 2012 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

Experimental Research

PRESENTATION OF THE CENTRAL GOVERNMENT DEBT By Isabelle Ynesta National Accounts and Economic statistics.

Thorsten L. Beck, Leora F. Klapper, Juan Carlos Mendoza World Bank, Washington D.C. The Typology of Partial Credit Guarantee Funds around the World.

1 Maximizing Your 401(k) Plan Investments With New Fee and Investment Disclosures.

Risk Assessments/Risk Appetite Judith Gruenbaum 1.

Delivering the promises. Title: Punishment for good behavior ? For:28 th Annual Caribbean Insurance Conference By:Jan Willemse Date:2 juni 2008.

AMR Deployment Managing All That Data The Typical Process Buy Meter Test Meter Ship Meter Issue Install Setup Account Start Billing Remov e Meter.

1 Designing Substantive Procedures The auditor “must plan and perform the audit to reduce the audit risk to an acceptably low level that is consistent.

NETA PowerPoint Presentations to accompany The Future of Business Fourth Edition Adapted by Norm Althouse, University of Calgary Copyright © 2014 by Nelson.

ACCOUNTING PRINCIPLES. Accounting principles can be subdivided into two categories:  Accounting Concepts; and  Accounting Conventions.

Types of Risk Introduction To Business. Today’s Goals Define risk and the different types of economic risk. Determine which risks are controllable and.

Conducting Compliance Assessments and Building Internal Controls In Pharmaceutical R&D Third Annual Medical Research Summit – Session 2.01 Michael Swiatocha.

Financial Accounting and Its Environment Chapter 1.

CIA Annual Meeting LOOKING BACK…focused on the future.

A Balanced Approach to SDWA Regulatory Compliance.

1 1 How to reduce the reporting burden whilst still obtaining high quality data Two practical examples from Norwegian financial markets statistics Ole.

INTERNATIONAL FINANCE Lecture 28. Review Economic Exposure with Empirical Analysis An MNC can determine its exposure by assessing the sensitivity MNC.

1 The Importance of Cost Control OH 1-1.

Ratio Analysis Ratio analysis is a particular type of financial statement analysis where the relationship between two or more items from the financial.

Relationships in Supply Chain Management

E-BILLING MOTIVATION. Introduction  E-billing is the electronic delivery of financial documents to the customer, that represents and replaces the conventional.

R&D PROGRAM RISK ASSESSMENT Yuri Tsenkov UNWE – DNRS.

Privacy Advisory Services … … A Best Practices, Integrated Approach Insert Firm Name Here.

BUS 212 RM&I I Spring 2006 copyright, SJH Minimizing the Risk of Operating a Small Business Through Risk Management… …and next week: Insurance.

Treatment of Risks in the Measurement of FISIM Satoru Hagino Director, Statistics Development and Coordination Research and statistics department Bank.

 Advantages  Context-independent, hence applicable regardless of source, medium, location, affected interests (“risk science”)  Calculable, hence comparable.

Chapter 1 McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.

 Allows researchers to detect cause and effect relationships  Researchers manipulate a variable and observe whether any changes occur in a second variable.

Risk assessment and Natural Hazards. Concept of vulnerability (e.g. fatalities in two contrasting societies) Deaths 1 …………………………………………

Information Security January What is Information Security?  Information Security is about the physical security of our equipment and networks as.

Bar Graphs Used to compare amounts, or quantities The bars provide a visual display for a quick comparison between different categories.

1 The 28 th Annual International Computer Software and Applications Conference COMPSAC 2004 Hong Kong September 28, :30 am – 12:00 noon Session.

McGraw-Hill © 2007 The McGraw-Hill Companies, Inc. All rights reserved. Slide 1 Sociological Research SOCIOLOGY Richard T. Schaefer 2.

Ratio Analysis…. Types of ratios…  Performance Ratios: Return on capital employed. (Income Statement and Balance Sheet) Gross profit margin (Income Statement)

© 2009 Michigan State University licensed under CC-BY-SA, original at Incident Management.

Pioneers in secure data storage devices. Users have become more accustomed to using multiple devices, are increasingly mobile, and are now used to storing.

CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.

Catastrophes Insurable vs. Non-Insurable Catastrophes

Managing Revenue and Expense

Measuring the Impact of Business Profiling in the UK Wiesbaden Group on Business Registers Profiling (Costs and Benefits) Tallinn, Estonia, September.

Cyber Trends and Market Update

University of Sri Jayewardenepura

Mandatory Breach Reporting (isn’t *that* bad)

Risk parameters (consequence)

Anthem Data Breach Group 2: Jing Jiang, Dongjie Wang, Haitao Huang, Binju Gaire, Parneet Toor.

Objectives, Strategies and Related Business Risks

Risk Articulation Articulation Translation to Risk Register

Researching Industry Financial Statistics

A New Concept for Laboratory Quality Management Systems

RISK RATING GUIDE APPENDIX C LIKELIHOOD RATING Rating Description

Chapter 12 Vocabulary.

Presentation transcript:

Privacy Data Loss An Operational Risk Approach Michael Aiello Polytechnic University FE675 Operational Risk

Private Information Customer Records (Paper or Electronic) Customer Records (Paper or Electronic) California Senate Bill 1386 requires institutions to disclose to their California customers’ if their information is exposed to non-trusted 3 rd parties. California Senate Bill 1386 requires institutions to disclose to their California customers’ if their information is exposed to non-trusted 3 rd parties. Legal impact Legal impact Impact on Reputation Impact on Reputation An event where a customer’s private information is exposed should be considered a loss event and accounted for when calculating operational risk An event where a customer’s private information is exposed should be considered a loss event and accounted for when calculating operational risk

Available Data ChoicePoint data set ChoicePoint data set May have interest in keeping counts high May have interest in keeping counts high

Available Data PrivacyRights.org PrivacyRights.org May be more objective about events May be more objective about events

Impact 232 days of data 232 days of data 83 loss events (18 for financial sector) 83 loss events (18 for financial sector) 35% chance of loss event each day. 35% chance of loss event each day.

Impact One incident involving 40M records and another affecting One incident involving 40M records and another affecting 4M (not counted in these statistics) 4M (not counted in these statistics) 7M records compromised (4.3M for the financial sector) 7M records compromised (4.3M for the financial sector) records lost per day records lost per day

Impact By Incident Mostly “hacking” in both number of events and impact of events Mostly “hacking” in both number of events and impact of events

Impact By Incident Mostly “hacking” in both number of events and impact of events Mostly “hacking” in both number of events and impact of events

Operational Risk Approach View Monthly snapshot of events and impact View Monthly snapshot of events and impact Understand probability of X events occurring in a given month Understand probability of X events occurring in a given month Understand probability of Y customer records lost in a given month Understand probability of Y customer records lost in a given month Determine if these are independent. Determine if these are independent. Focus on the financial sector Focus on the financial sector

Loss Events

Records Exposed

Realization There is no significant correlation between number of events and number of records lost. There is no significant correlation between number of events and number of records lost. Must attempt to predict loss events and amounts independently. Must attempt to predict loss events and amounts independently.

Statistical Analysis – Exposure Events All SectorsFinancial Sector

Statistical Analysis – Exposure Events All SectorsFinancial Sector

Statistical Analysis – Exposure Events All SectorsFinancial Sector

Statistical Analysis – Records Exposed All SectorsFinancial Sector

Statistical Analysis – Records Exposed All SectorsFinancial Sector

Statistical Analysis – Records Exposed All SectorsFinancial Sector

Conclusions Significant problem of costumer data exposure across industries that handle such data Significant problem of costumer data exposure across industries that handle such data Minimal relationship between # of events and records lost Minimal relationship between # of events and records lost The incident and loss curves for the finance sector are similar to the industry as a whole The incident and loss curves for the finance sector are similar to the industry as a whole This type of comparison may help in the understanding the financial sector’s risk (particularly with small data sets) This type of comparison may help in the understanding the financial sector’s risk (particularly with small data sets)

Concerns Validity of raw data Validity of raw data Trends in legislation enforcement (more?) Trends in legislation enforcement (more?) Amount of customer information is not a function of the gross revenue of an institution Amount of customer information is not a function of the gross revenue of an institution Reputational Risk = Hazard + Outrage. Outrage of an individual may be significantly less if millions of records were exposed as opposed to only a few. Reputational Risk = Hazard + Outrage. Outrage of an individual may be significantly less if millions of records were exposed as opposed to only a few. Orders of magnitude difference in amount of lost data may only have minimal impact. Orders of magnitude difference in amount of lost data may only have minimal impact. Impact may vary by type of data lost. Impact may vary by type of data lost.