Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices

Book description

The Comprehensive Guide to Engineering and Implementing Privacy Best Practices

As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems.

In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities, addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.

• Review privacy-related essentials of information security and cryptography

• Understand the concepts of privacy by design and privacy engineering

• Use modern system access controls and security countermeasures to partially satisfy privacy requirements

• Enforce database privacy via anonymization and de-identification

• Prevent data losses and breaches

• Address privacy issues related to cloud computing and IoT

• Establish effective information privacy management, from governance and culture to audits and impact assessment

• Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act

This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.

Table of contents

  1. Cover Page
  2. About This eBook
  3. Half Title Page
  4. Title Page
  5. Copyright Page
  6. Dedication Page
  7. Contents at a Glance
  8. Table of Contents
  9. Preface
    1. Organization of the Book
    2. Supporting Websites
    3. Companion Book on Cybersecurity
  10. Acknowledgments
  11. About the Author
  12. Figure Credits
  13. Part I: Overview
    1. Chapter 1. Security and Cryptography Concepts
      1. 1.1 Cybersecurity, Information Security, and Network Security
      2. 1.2 Security Attacks
      3. 1.3 Security Services
      4. 1.4 Security Mechanisms
      5. 1.5 Cryptographic Algorithms
      6. 1.6 Symmetric Encryption
      7. 1.7 Asymmetric Encryption
      8. 1.8 Cryptographic Hash Functions
      9. 1.9 Digital Signatures
      10. 1.10 Practical Considerations
      11. 1.11 Public-Key Infrastructure
      12. 1.12 Network Security
      13. 1.13 Key Terms and Review Questions
      14. 1.14 References
    2. Chapter 2. Information Privacy Concepts
      1. 2.1 Key Privacy Terminology
      2. 2.2 Privacy by Design
      3. 2.3 Privacy Engineering
      4. 2.4 Privacy and Security
      5. 2.5 Privacy Versus Utility
      6. 2.6 Usable Privacy
      7. 2.7 Key Terms and Review Questions
      8. 2.8 References
  14. Part II: Privacy Requirements and Threats
    1. Chapter 3. Information Privacy Requirements and Guidelines
      1. 3.1 Personally Identifiable Information and Personal Data
      2. 3.2 Personal Information That Is Not PII
      3. 3.3 Fair Information Practice Principles
      4. 3.4 Privacy Regulations
      5. 3.5 Privacy Standards
      6. 3.6 Privacy Best Practices
      7. 3.7 Key Terms and Review Questions
      8. 3.8 References
    2. Chapter 4. Information Privacy Threats and Vulnerabilities
      1. 4.1 The Evolving Threat Environment
      2. 4.2 Privacy Threat Taxonomy
      3. 4.3 NIST Threat Model
      4. 4.4 Threat Sources
      5. 4.5 Identifying Threats
      6. 4.6 Privacy Vulnerabilities
      7. 4.7 Key Terms and Review Questions
      8. 4.8 References
  15. Part III: Technical Security Controls for Privacy
    1. Chapter 5. System Access
      1. 5.1 System Access Concepts
      2. 5.2 Authorization
      3. 5.3 User Authentication
      4. 5.4 Access Control
      5. 5.5 Identity and Access Management
      6. 5.6 Key Terms and Review Questions
      7. 5.7 Reference
    2. Chapter 6. Malicious Software and Intruders
      1. 6.1 Malware Protection Activities
      2. 6.2 Malware Protection Software
      3. 6.3 Firewalls
      4. 6.4 Intrusion Detection
      5. 6.5 Key Terms and Review Questions
      6. 6.6 References
  16. Part IV: Privacy Enhancing Technologies
    1. Chapter 7. Privacy in Databases
      1. 7.1 Basic Concepts
      2. 7.2 Re-Identification Attacks
      3. 7.3 De-Identification of Direct Identifiers
      4. 7.4 De-Identification of Quasi-Identifiers in Microdata Files
      5. 7.5 K-Anonymity, L-Diversity, and T-Closeness
      6. 7.6 Summary Table Protection
      7. 7.7 Privacy in Queryable Databases
      8. 7.8 Key Terms and Review Questions
      9. 7.9 References
    2. Chapter 8. Online Privacy
      1. 8.1 The Online Ecosystem for Personal Data
      2. 8.2 Web Security and Privacy
      3. 8.3 Mobile App Security
      4. 8.4 Online Privacy Threats
      5. 8.5 Online Privacy Requirements
      6. 8.6 Privacy Notices
      7. 8.7 Tracking
      8. 8.8 Key Terms and Review Questions
      9. 8.9 References
    3. Chapter 9. Other PET Topics
      1. 9.1 Data Loss Prevention
      2. 9.2 The Internet of Things
      3. 9.3 IoT Security
      4. 9.4 IoT Privacy
      5. 9.5 Cloud Computing
      6. 9.6 Cloud Privacy
      7. 9.7 Key Terms and Review Questions
      8. 9.8 References
  17. Part V: Information Privacy Management
    1. Chapter 10. Information Privacy Governance and Management
      1. 10.1 Information Security Governance
      2. 10.2 Information Privacy Governance
      3. 10.3 Information Privacy Management
      4. 10.4 OASIS Privacy Management Reference Model
      5. 10.5 Key Terms and Review Questions
      6. 10.6 References
    2. Chapter 11. Risk Management and Privacy Impact Assessment
      1. 11.1 Risk Assessment
      2. 11.2 Risk Management
      3. 11.3 Privacy Risk Assessment
      4. 11.4 Privacy Impact Assessment
      5. 11.5 Key Terms and Review Questions
      6. 11.6 References
    3. Chapter 12. Privacy Awareness, Training, and Education
      1. 12.1 Information Privacy Awareness
      2. 12.2 Privacy Training and Education
      3. 12.3 Acceptable Use Policies
      4. 12.4 Key Terms and Review Questions
      5. 12.5 References
    4. Chapter 13. Event Monitoring, Auditing, and Incident Response
      1. 13.1 Event Monitoring
      2. 13.2 Information Security Auditing
      3. 13.3 Information Privacy Auditing
      4. 13.4 Privacy Incident Management and Response
      5. 13.5 Key Terms and Review Questions
      6. 13.6 References
  18. Part VI: Legal and Regulatory Requirements
    1. Chapter 14. The EU General Data Protection Regulation
      1. 14.1 Key Roles and Terms in the GDPR
      2. 14.2 Structure of the GDPR
      3. 14.3 GDPR Objectives and Scope
      4. 14.4 GDPR Principles
      5. 14.5 Restrictions on Certain Types of Personal Data
      6. 14.6 Rights of the Data Subject
      7. 14.7 Controller, Processor, and Data Protection Officer
      8. 14.8 Data Protection Impact Assessment
      9. 14.9 Key Terms and Review Questions
      10. 14.10 References
    2. Chapter 15. U.S. Privacy Laws
      1. 15.1 A Survey of Federal U.S. Privacy Laws
      2. 15.2 Health Insurance Portability and Accountability Act
      3. 15.3 Health Information Technology for Economic and Clinical Health Act
      4. 15.4 Children’s Online Privacy Protection Act
      5. 15.5 California Consumer Privacy Act
      6. 15.6 Key Terms and Review Questions
      7. 15.7 References
  19. Index
  20. Code Snippets

Product information

  • Title: Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices
  • Author(s): William Stallings
  • Release date: December 2019
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780135278383