PRESS RELEASE

msg: Privacy Risks Occur in many Web Applications

Top 10 risks published / study shows: vulnerabilities are the biggest privacy risk in Web applications

Munich, November 11, 2014. A study supported by msg identified the ten biggest risks to personal data in Web applications: they include vulnerabilities in the application itself, data leaks by the operator and insufficient response to privacy incidents - risks that have particularly grave implications and yet are fairly common. The study was performed as part of the open source project "OWASP Top 10 Privacy Risks" and was based on an exchange with almost 100 internationally recognized security and data privacy experts from companies of all industries and government agencies. Based on this top 10 list, msg will continue supporting the project with the goal of identifying counter-measures to each of these risks.

As an IT service provider, msg is also active in the field of IT security and data privacy, providing consulting services to companies ranging from insurance to food producers and even government agencies. The discoveries made while working with these topics on a daily basis motivated msg employees to initiate the OWASP Top 10 Privacy Risks Project. The initial result of the project is a list of the ten largest technical and organizational data privacy risks currently being faced. The globally unique approach began receiving considerable international attention from experts even before the list had been completed. This resulted in the project team becoming an active member of the core team of the Internet Privacy Engineering Network (IPEN), an initiative started by the European Data Protection Supervisor.

Top 10 Privacy Risks for Web Applications

1.  Web application vulnerabilities

2.  Operator-side Data Leakage

3.  Insufficient Data Breach Response

4.  Insufficient Deletion of Personal Data

5.  Nontransparent policies, terms and conditions

6.  Collection of data not required for the primary purpose

7.  Sharing of data with third party

8.  Outdated personal data

9.  Missing or insufficient Session Expiration

10.  Insecure Data Transfer

Methodology Born Out of Consultant Practices

What is exceptional about this list is the manner in which it was created and its proximity to the everyday work experiences of experts from around the globe. Project leader Florian Stahl, an expert in data privacy and information security at msg, states, "We asked privacy and security experts about the problems they commonly encountered in their work. We then used that information to put together a comprehensive list that included 20 risks. These 20 were then examined in greater detail based on statements from those we interviewed - how extensive was the impact of each individual risk and how often did the risks occur in actual practice? That gave rise to the top 10 list." The team will now work on identifying suitable counter-measures for these risks and will continue to review and update the list in the future. The objective is to establish the top 10 privacy risks as a de facto standard, similar to other OWASP projects.

msg
msg is an independent, international group of companies with more than 4,500 employees around the world. The company offers a holistic service spectrum of creative, strategic consulting and intelligent, sustainable and value-added IT solutions for the following industries: automotive, financial services, food, insurance, life science & healthcare, public sector, telecommunications & media, travel & logistics as well as utilities and has acquired an excellent reputation as an industry specialist during its more than 30 years in business.

Within the group, independent companies cover the wide variety of industry and issue-based competence: msg systems ag forms the core of the company group and works in close cooperation with the subsidiaries, both on a business and organizational level. This allows the competence, experience and know-how of all the members to be bundled into a holistic solution portfolio with measurable added value for its customers.

msg holds seventh place in the ranking of IT consulting and system integration companies in Germany.

Please feel free to contact us at any time for additional information:
msg systems ag, Susanne Koerber-Wilhelm, Robert-Bürkle-Str. 1, 85737 Ismaning/Munich
Tel. +49 89/ 961 01 1538, Fax +49 89/ 961 01 1113,
E-Mail:
Hotwire PR, Dunja Hélène Derenk, Franziska-Bilek-Weg 9, 80339 Munich
Tel. +49 49 89/ 244 14 33 01, E-Mail:
Images and other press-related releases are available at www.msg-systems.com
Reprint free of charge. Sample copies on request.

© msg systems ag 2014