Mike Chapple, Joe Shelley, James Michael Stewart

Information Security and Privacy Quick Reference (eBook, ePUB)

The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer

• Format: ePub

Produktbeschreibung

A fast, accurate, and up-to-date desk reference for information security and privacy practitioners everywhere

Information security and privacy roles demand up-to-date knowledge coming from a seemingly countless number of sources, including several certifications-like the CISM, CIPP, and CISSP-legislation and regulations issued by state and national governments, guidance from local and industry organizations, and even international bodies, like the European Union.

The Information Security and Privacy Quick Reference: The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer is an updated, convenient, and accurate desk reference for information privacy practitioners who need fast and easy access to the latest guidance, laws, and standards that apply in their field. This book is the most effective resource for information security professionals who need immediate and correct solutions to common and rarely encountered problems.

An expert team of writers-Joe Shelley, James Michael Stewart, and the bestselling technical author, Mike Chapple-draw on decades of combined technology and education experience to deliver organized and accessible coverage of:

• Security and Privacy Foundations
• Governance, Risk Management, and Compliance
• Security Architecture and Design
• Identity and Access Management
• Data Protection and Privacy Engineering
• Security and Privacy Incident Management
• Network Security and Privacy Protections
• Security Assessment and Testing
• Endpoint and Device Security
• Application Security
• Cryptography Essentials
• Physical and Environmental Security
• Legal and Ethical Considerations
• Threat Intelligence and Cyber Defense
• Business Continuity and Disaster Recovery

Information Security and Privacy Quick Reference is a must-have resource for CISOs, CSOs, Chief Privacy Officers, and other information security and privacy professionals seeking a reliable, accurate, and fast way to answer the questions they encounter at work every single day.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in D ausgeliefert werden.

---

Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.

Produktdetails

• Verlag: John Wiley & Sons
• Seitenzahl: 429
• Erscheinungstermin: 22. Mai 2025
• Englisch
• ISBN-13: 9781394353323
• Artikelnr.: 74324362

Autorenporträt

Mike Chapple, PhD, CISSP , CISM, CIPP/US, CIPM, and CCSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is the bestselling author of over 25 technical books. He is also the Academic Director of the University's Master of Science in Business Analytics program. Joe Shelley, CIPP/US and CIPM, is the Vice President for Libraries and Information Technology at Hamilton College in New York. He oversees the information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CEI, and CFR, has been writing and training for more than 25 years, with a focus on CISSP, internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 80 books on security certification, Microsoft topics, and network administration.

Inhaltsangabe

Introduction xiii
1 Security and Privacy Foundations 1
Security 101 1
Confidentiality, Integrity, and Availability (CIA) 3
Disclosure, Alteration, and Destruction (DAD) 4
Authentication, Authorization, and Accounting (AAA) 5
Privacy in the Modern Era 6
Foundational Privacy Principles 8
Security and Privacy Frameworks 11
Security and Privacy Policies: Creation and Enforcement 14
Establishing Security Awareness Programs 16
Security Strategies 19
2 Governance, Risk Management, and Compliance 23
The Role of Governance in Security and Privacy 23
Key Regulations and Standards 26
Regulatory Compliance 29
Building and Managing a Risk Management Framework 32
Managing Third-Party Risks and Vendor Assessments 35
3 Security Architecture and Design 39
Principles of Secure Design 39
Security Operations Foundations 42
Ensuring Confidentiality, Integrity, and Availability 44
Understanding Security Models 46
Implementing Personnel Security 49
Applying Protection Mechanisms 52
System Resilience and High Availability 54
4 Identity and Access Management 57
IAM Core Concepts and Principles 57
Authentication Methods and Multifactor Authentication 60
Role-Based Access Control Versus Attribute-Based Access Control 62
Identity Federation and Single Sign-On 65
Zero Trust Architecture for IAM 68
Identity Governance Life Cycle 71
Access Control Attacks 73
5 Data Protection and Privacy Engineering 77
Data Classification and Labeling 77
Data Masking, Tokenization, and Encryption 80
Data Loss Prevention Strategies 82
Privacy by Design 85
Developing a Privacy Program 87
Cross-Border Data Transfers and Legal Implications 90
Data Subject Rights and Privacy Request Handling 93
Data Retention, Archiving, and Secure Disposal 96
6 Security and Privacy Incident Management 101
Incident Response Planning 101
Detection and Triage of Security and Privacy Incidents 104
Investigating Incidents 106
Communication Plans for Incident Response 110
Post-Incident Review and Lessons Learned 113
Privacy Breach Notifications and Regulatory Reporting 117
7 Network Security and Privacy Protections 121
Secure Network Components 121
Network Segmentation 125
System Hardening 128
Firewalls and Intrusion Detection/Prevention Systems 130
Virtual Private Networks and Secure Access Service Edge 133
Secure Wireless Network Management 136
Securing the Cloud 139
Network Monitoring 142
8 Security Assessment and Testing 145
Building a Security Assessment and Testing Program 145
Vulnerability Management 147
Understanding Security Vulnerabilities 150
Penetration Testing 153
Testing Software 155
Training and Exercises 158
9 Endpoint and Device Security 163
Endpoint Detection and Response 163
Network Device Security 166
Mobile Device Management 169
Understanding Malware 173
Malware Prevention 176
Patching and Vulnerability Remediation 178
10 Application Security 183
Secure Software Development Life Cycle 183
DevSecOps and DevOps Integration 187
Application Attacks 191
Injection Vulnerabilities 192
Authorization Vulnerabilities 194
Web Application Attacks 196
Application Security Controls 198
Coding Best Practices 201
11 Cryptography Essentials 205
Core Cryptography Concepts 205
Symmetric Cryptography 208
Asymmetric Cryptography 210
Hash Functions 213
Digital Signatures 216
Public Key Infrastructure 218
Key Management Best Practices 220
Cryptographic Attacks 222
12 Physical and Environmental Security 227
Security and Facility Design 227
Physical Access Controls and Monitoring 229
Security in Data Centers and Server Rooms 232
Environmental Controls 234
Implement and Manage Physical Security 235
13 Legal and Ethical Considerations 237
Computer Crime 238
Intellectual Property Laws 241
Software Licensing Laws 243
Import/Export Laws 244
Privacy Laws 246
Compliance 249
Ethical Considerations 250
14 Threat Intelligence and Cyber Defense 253
Threat Actors 253
Threat Vectors 256
Threat Intelligence 258
Threat Feeds 259
Threat Hunting 262
Assessing Threat Intelligence 263
Cyber Kill Chain and the MITRE ATT&CK 265
15 Business Continuity and Disaster Recovery 269
Project Scope and Planning 270
Conducting Business Impact Analysis 273
Business Continuity Planning Essentials 277
Recovery Planning Essentials 279
Disaster Recovery Strategies and Solutions 282
Testing and Simulation Exercises 284
Index 289