What steps have you taken or do you plan to take to prevent future such
breaches?
The new security measures
being implemented include the
following:
- Added automated software monitoring and configuration management to help
defend against new attacks;
- Enhanced levels of data protection and encryption;
- Enhanced ability to detect software intrusions within the network,
unauthorized access and unusual
activity patterns;
- Implementation of additional firewalls; and
- The company also expedited a planned move of the system to a new data
center in a different location with
enhanced security.
- The naming of new Chief Information Security Officer (CISO) directly
reporting to the Chief Information
Officer, Sony Corporation.
Do you currently have a policy that addresses data security and retention
practices? If not, why not? If so,
what are those practices and do you
plan any changes in your policies as a
result of this breach?
Yes, we do have policies that address
data security and retention practices.
Sony utilizes a global framework for
providing policies to its group
companies based on the international
information security standard called
"ISO/IEC 27001" to ensure consistent
standard information security
practices for each operating company.
The Global Information Security Policy
("GISP") sets forth the company's
information security management
structure and administrative,
technical and physical safeguards to
protect the confidentiality,
integrity, and availability of
non-public information. The GISP also
defines the overall direction and
policy of Sony Group's information
security program and the authorities
and responsibilities for information
security management. Additionally,
Sony provides a set of 14 standards,
Global Information Security Standards
("GISS"), that specify the types of
controls needed for the different
categories of information security
management (e.g., information
classification, access controls and HR
security). Continued application of
these policies and practices, in
addition to, an expedited move to our
new enhanced security data facility,
are the changes being made as a result
of this breach.
What steps have you taken or do you
plan to take to mitigate the effects
of this breach? Do you plan to offer
any credit monitoring or other
services to consumers who suffer
actual harm as a result of this
breach?
Sony Network Entertainment America is
committed to helping its customers
protect their personal data and will
offer its U.S. account holders
complimentary identity theft
protection services. Because the
breach affects customers worldwide,
different programs may be offered in
other territories. Sony Network
Entertainment America is also creating
a "Welcome Back" program to be offered
worldwide, which will be tailored to
specific markets to provide our
consumers with a selection of service
options and premium content as an
expression of the company's
appreciation for their patience and
support. Central components of the
"Welcome Back" program will include:
- Each territory will be offering selected PlayStation entertainment
content for free download. Specific
details of this content will be
announced in each region soon.
- All consumers coming back to the PlayStation Network will be provided
with 30 days of free membership in the
PlayStation Plus premium subscription
service. Current PlayStation Plus
subscribers will have their
subscriptions extended for the number
of days PlayStation Network and
Qriocity services were unavailable
and, in addition, will receive 30 days
of free service.
- Music Unlimited subscribers (in countries where the service is
available) will have their
subscriptions extended for the number
of days PlayStation Network and
Qriocity services were unavailable
and, in addition, receive 30 days of
free service.
Best Answer
A recent blog post clarifies this, the exclusive DLC consists of four familiars, three of which have slightly elevated stats for their level, and the fourth is a monkey who shoots enemies with his banana-guns... Yeah.