VALUE of Personal Info. Leaked - Cybersecurity center, Kyushu

International Workshop on CyberSecurity with UNSW, 2015 July 8th
How much is your phone number, living address or date of birth?
Compensation for leaking personal identity information
Kouichi SAKURAI (CSC@KyushuUniv. & ISIT)
joint work with Tomohisa ISHIKAWA
(External PhD student of Kyushu Univ.; CISSP, CISA, CISM, QSA, CFE)
Copyright © 2015 Tomohisa Ishikawa All rights reserved.
Today's talk
▪ Recent Incidents around Personal Information Leakage
• Japan Pension Service [JP. 2015/May, Advanced Persistent Threat]
• Benesse [JP. Education, 2014/July, a kind of Insider Threat]
• Target [US. Retail, 2014/Jan. POS/IoT Malware]
▪ Cyber Risk Insurance
• 2012/Apr. from AIU/AIG-JP
• Still a small business as of 2015/Mar.
• 2015/Feb. from Tokio Marine & Nichido Fire Insurance Co., Ltd.
▪ Compensation in Personal Identifiable Information Leakage
• JNSA Damage Operation (JO) Model for Individual Information Leak [JP. 2003]
• Application of the JO model and its limitation (gap from reality)
3. The Compensation in Real World and Analysis
Japan Pension Service Information Breach 2015 May
▪ Information Breach in Japan Pension Service
• Typical targeted attack but catastrophic harm
1. Targeted e-mail
2. PCs in JPS are infected by malware
3. Attackers gain the critical info. via the infected PCs
4. The confidential info. is leaked. Information on 450,000 people [no password]
3. The Compensation in Real World and Analysis
The Compensation in Real World
▪ Example: Benesse, 2014 July
• A famous educational company.
• A staff member took out the data of 35M clients to gain money.
• Benesse paid a 500 Yen gift card to all victims, and the total cost for compensation is more than 20 billion yen.
▪ Some of the victims have filed a “collective lawsuit” [集団訴訟].
• The participants in the collective lawsuit request 55,000 Yen per person as compensation. (5,000 Yen is the lawyers' fee.)
3. The Compensation in Real World and Analysis
The Compensation in Real World
▪ Example: Target (Retail), 2014 Jan.
• Information breach caused by POS malware
• 70M customers' personal info. leaked
• 40M customers' credit card info. leaked
• Many class actions (= a type of collective lawsuit)
• In Feb. 2015, the total cost of countermeasures is $191M.
• In March 2015, Target agrees in court to pay $10M in a data breach lawsuit, and Target compensates up to $10,000 for the damage of victims.
3. The Compensation in Real World and Analysis
Cyber Insurance
▪ Cyber Insurance in Japan
• Example: Tokio Marine PII Leakage Insurance, 2015 Feb.
• Legal Compensation Cost + Incident Response Cost
  • Legal Compensation Cost: supports the cost related to legal issues
    • Coverage: 5M ~ 10B Yen
  • Incident Response Cost: supports the cost for incident response
    • Coverage: 1M ~ 1B Yen
INSURANCE
▪ Physical Insurance [Long history, Matured]
• Car/Vehicle [against accidents / for repairing]
• Travel [against theft/robbery]
• Health [against sickness / for medical doctor]
▪ Cyber Insurance
• For what?
• Related to the price of our personal information
  • Phone number
  • E-mail address
  • Birthday
  • Health condition, etc.
3. The Compensation in Real World and Analysis
The Compensation in Real World
▪ The Compensation in Real World
• In Japan, regulation of compensation for personally identifiable information leakage does not exist YET.
• Past examples and civil trials decide the compensation.
  • Not so long a history yet
• Sugahara, Harada (2013), A study on the compensation by company/organization when privacy and personal information are compromised
  • Conducted questionnaire research
  • Basic personal information such as cell phone and purchase info. is cheap, and the majority is within 1,000 yen.
3. The Compensation in Real World and Analysis
The Analysis of Compensation in Real World PART1
▪ Our Research: 39 Cases Study (2002~2015)
• Average: 2,259 yen (the average of the JO Model: more than 40,000 Yen)
• According to our graphical analysis, the majority of compensations are 500 yen ~ 1,000 yen.
[Graph: compensation amounts, 2001/04 to 2017/09. In this graph, more than 10,000 yen are plotted as 10,000 yen.]
3. The Compensation in Real World and Analysis
The Analysis of Compensation in Real World PART1
▪ If we see specific cases (High compensation・Civil Trial)…
• In civil trial cases, more than 5,000 yen is paid; only financial institutions and civil trial cases pay more than 10,000 yen.

High Comp.
Year | Company | Actual Cost | JO model
2002 | TBC | 35,000 Yen | 66,000 Yen
2007 | JAL Labor Union | 10,000 Yen | 606,000 Yen
2009 | Mitsubishi UFJ Securities | 10,000 Yen | 180,000 Yen
2009 | Alico Japan | 10,000 Yen | 26,000 Yen

Lawsuit
Year | Company | Actual Cost | JO model
1998 | Uzi City | 15,000 Yen | 66,000 Yen
1998 | Waseda University | 5,000 Yen | 606,000 Yen
2002 | TBC | 35,000 Yen | 66,000 Yen
2004 | Yahoo BB! | 6,000 Yen | 12,000 Yen
2007 | JAL Labor Union | 10,000 Yen | 606,000 Yen
1. Introduction
Related Research (ROSI)
▪ ROSI (Return On Security Investment)
• It evaluates cost-effective security
• Basic Concept: Security Investment < ALE = SLE × ALO
  • ALE: Annual Loss Expectancy
  • SLE: Single Loss Expectancy
  • ALO: Annual Rate of Occurrence
▪ ROSI is a very popular concept in security consultation, but it is hard to estimate each parameter (SLE & ALO).
1. Introduction
Related Research
▪ Security Financial Model
1. ROSI (Return On Security Investment)
2. JO Model ⇒ Explained later
• With the above models, security managers calculate the cost of a security incident and the compensation fee. They also choose the risk management strategy (risk acceptance, risk avoidance, risk reduction, risk transference).
• Cyber insurance has currently become popular, and it is a major method of risk transference. (Latham & Watkins point out that insurance is useful as a “last line of defense”.)
  • Latham & Watkins (2014), Cyber insurance: A last line of defense when technology fails.
2. What is JO Model?
What is JO Model?
▪ What is JO Model?
• JNSA Damage Operation Model for Individual Information Leak
• JNSA developed this model in 2003.
• It is a commonly used index in actual security consultation because of the convenience of this model.
▪ About JNSA
• Japan Network Security Association
• JNSA promotes security support and security research to each organization, and it publishes a lot of research papers.
• Also, JNSA holds the CTF SECurity CONtest (a famous CTF in Japan).
2. What is JO Model?
What is JO Model?
▪ Evaluation Equation
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked
× Social Responsibility Degree
× Post Incident Response Appraisal
2. What is JO Model?
The Factors of JO Model
▪ Factor 1: Value of Personal Information Leaked
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked
× Social Responsibility Degree
× Post Incident Response Appraisal
Value of Personal Info. Leaked
= Value of Basic Info.
× Degree of Info. Sensitivity
× Degree of Ease in Identifying Individual
▪ Value of Basic Info.: 500 Yen
▪ Degree of Info. Sensitivity: $\max(10^{x-1} + 5^{y-1})$
▪ Degree of Ease in Identifying Individual

Degree of Ease in Identifying Individual
Name AND Address: 6
Name OR (Address + Phone Number): 3
Others: 1
2. What is JO Model?
The Factors of JO Model
▪ Factor 2: Social Responsibility Degree
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked
× Social Responsibility Degree
× Post Incident Response Appraisal

Social Responsibility Degree
Higher than Normal: 2
Normal: 1
Public sector, leading company, and the industry defined by “Basic Policies related to the Protection of Personal Information” are included.
2. What is JO Model?
The Factors of JO Model
▪ Factor 3: Post Incident Response Appraisal
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked
× Social Responsibility Degree
× Post Incident Response Appraisal

Post Incident Response Appraisal
Inappropriate: 2
Normal: 1
It is judged based on qualitative reasons such as “response speed” and “the existence of the inquiry.”
2. What is JO Model?
Application of JO Model
▪ Case Study: JINS Inc. (March 2013)
• Optician's shops
• Card information leakage happened by SQL injection
  • Name + Card Number (PAN) + Security Code + Expiration
  • The possibility of 12,036 records leaked → Actually 2,059 records
  • JINS pays a 1,000 Yen gift card + the cost of reissuing the payment card
  • Actual costs are approximately 18 million yen
• On top of that…
  • Investigation costs by the PFI (PCI Forensic Investigator), the cost for satisfying PCI DSS standards, and the cost of customer support and inquiry are accumulated.
2. What is JO Model?
Application of JO Model
▪ Case Study: JINS Inc.
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked
× Social Responsibility Degree
× Post Incident Response Appraisal
Since card information is leaked, “Degree of Ease in Identifying the Individual” is defined as 3.
2. What is JO Model?
Application of JO Model
▪ Case Study: JINS Inc. ⇒ 39,000 Yen
Estimated Compensation Cost (each person)
= Value of Personal Info. Leaked: 39,000
× Social Responsibility Degree: 1
× Post Incident Response Appraisal: 1
$39{,}000 = 500 \times \max(10^{1-1} + 5^{3-1}) \times 3$
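The JO model calculation from the slides above, written out as an added Python example (it is not code from the deck or from JNSA). The function and class names are hypothetical, the slides do not define x and y beyond the values used for JINS, and taking the max over the leaked items is an assumption of this example.

```python
from dataclasses import dataclass

BASIC_VALUE_YEN = 500  # "Value of Basic Info." on the slide


@dataclass(frozen=True)
class LeakedItem:
    """One kind of leaked data with the two levels x and y of the slide formula."""
    name: str
    x: int
    y: int


def sensitivity(items):
    """Degree of Info. Sensitivity: max of 10^(x-1) + 5^(y-1).

    Assumption of this example: the max runs over the leaked items.
    """
    if not items:
        raise ValueError("at least one leaked item is required")
    if any(it.x < 1 or it.y < 1 for it in items):
        raise ValueError("levels x and y must be integers >= 1")
    return max(10 ** (it.x - 1) + 5 ** (it.y - 1) for it in items)


def identifiability(has_name, has_address, has_phone):
    """Degree of Ease in Identifying Individual, from the slide's table."""
    if has_name and has_address:
        return 6
    if has_name or (has_address and has_phone):
        return 3
    return 1


def jo_estimate(items, has_name, has_address, has_phone,
                higher_responsibility=False, inappropriate_response=False):
    """Estimated compensation per person in yen (product of the three factors)."""
    value = (BASIC_VALUE_YEN * sensitivity(items)
             * identifiability(has_name, has_address, has_phone))
    return (value * (2 if higher_responsibility else 1)
            * (2 if inappropriate_response else 1))


def gap(estimate_yen, paid_yen):
    """How many times larger the JO estimate is than the amount paid."""
    return round(estimate_yen / paid_yen, 1)


def jins_case():
    """JINS slide: name + card data, x=1, y=3, both other factors 1."""
    items = [LeakedItem("payment card data", x=1, y=3)]
    per_person = jo_estimate(items, has_name=True, has_address=False,
                             has_phone=False)
    return {
        "per_person": per_person,                   # slide: 39,000 yen
        "all_records": per_person * 2059,           # 2,059 records leaked
        "gap_vs_gift_card": gap(per_person, 1000),  # 1,000 yen gift card
    }


# (company, amount paid, JO estimate) rows from the deck's high-compensation table
HIGH_COMP_CASES = [
    ("TBC", 35_000, 66_000),
    ("JAL Labor Union", 10_000, 606_000),
    ("Mitsubishi UFJ Securities", 10_000, 180_000),
    ("Alico Japan", 10_000, 26_000),
]


def table_gaps():
    """Ratio of JO estimate to amount paid for each table row."""
    return {name: gap(jo, paid) for name, paid, jo in HIGH_COMP_CASES}


if __name__ == "__main__":
    print(jins_case())
    print(table_gaps())
```

For JINS the estimate over all 2,059 leaked records comes to about 80 million yen, against the approximately 18 million yen of actual costs reported on the slide.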
3. The Compensation in Real World and Analysis
The Analysis of Compensation in Real World PART2
▪ Gap Analysis between JO Model and Actual Compensation
• There is an enormous gap between JO model estimated costs and actual compensation.
[Graph: JO model estimated costs and actual compensation. More than 50,000 yen are plotted as 50,000 yen.]
4. Wrap-Up
Wrap-Up
▪ This Research…
• Shows huge gaps between the JO model and actual compensation costs even though society has become sensitive to personally identifiable information leakage.
• Even now, the average compensation cost is 3,138 yen, and the majority is within 500 yen to 1,000 yen. Also, only financial institutions or the judgment of civil trials lead to more than 5,000 yen compensation.
▪ Cyber Assurance covers too little in real-world incidents
• Supports the cost for incident response
  • Coverage: 1M ~ 1B Yen
• Benesse did pay a 500 Yen gift card to all victims
  • The total cost for compensation is more than 20 billion yen.
Thank you for your attention, now Q&A
Actuary Math
▪ Cyber Actuary Economics
“Personal Data in CyberSpace → Gas/Oil in Internet world”
by Makoto SHIROTA
A Study of Compensation in Personal Identifiable Information Leakage
Tomohisa Ishikawa (CISSP, CISA, CISM, QSA, CFE)
Kouichi Sakurai (Kyushu University)
1. Introduction
2. What is JO Model?
3. The Compensation in Real World and Analysis
4. Wrap-Up
1. Introduction
The Background of Research
▪ The Motivation (Personal Interest)
• One of our interests is “the calculation model of compensation in personally identifiable information leakage” and modeling related to computer security. (It is a major issue in security consultation.)
▪ The Objectives
• The evaluation of the compensation calculation model
  • This research evaluates the JO model, which has been used as the compensation calculation model in Japan since 2003.
  • Even though society became sensitive in 2014, there is a gap between the JO model and actual compensation, and this research considers it.
1. Introduction
Related Research
▪ Security Financial Model
1. ROSI (Return On Security Investment)
2. CyberTab
3. JO Model
1. Introduction
Related Research (CyberTab)
▪ Security Financial Model
1. ROSI (Return On Security Investment)
2. CyberTab
3. JO Model
▪ CyberTab is…
• Developed by The Economist Intelligence Unit.
• A cost calculation model of incident response against a particular threat.
• Useful because it points out the costs of the legal and PR departments, which we usually tend to forget to consider.
1. Introduction
Related Research
▪ Security Financial Model
1. ROSI (Return On Security Investment)
2. CyberTab
3. JO Model ⇒ Explained later
• Based on the above models, security managers calculate the cost of a security incident and the compensation fee. They also choose the risk management strategy (risk acceptance, risk avoidance, risk reduction, risk transference).
• Cyber insurance has currently become popular, and it is a major method of risk transference. (Latham & Watkins pointed out that insurance is useful as a “last line of defense”.)
  • Latham & Watkins (2014), Cyber insurance: A last line of defense when technology fails.
4. Wrap-Up
Consideration of Personal Identifiable Information Leakage
▪ 2 Purposes of the JO model
• Operational Model
• Normative Model
▪ Proposal as a Normative Model
• Searchability: Information extraction with SNS / OSINT
• Cancelability: The ease of changing information (ex. birthday)
• Retrievability: The coverage of the information leaked
4. Wrap-Up
Wrap-Up
▪ In this Research…
• This research verifies huge gaps between the JO model and actual compensation costs even though society has become sensitive to personally identifiable information leakage.
• Even now, the average compensation cost is 3,138 yen, and the majority is within 500 yen to 1,000 yen. Also, only financial institutions or the judgment of civil trials lead to more than 5,000 yen compensation.
Q&A
Thank you for your time & attention
Feel Free to Contact Us