book

Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices

by William Stallings

December 2019

Intermediate to advanced

500 pages

16h 2m

English

Addison-Wesley Professional

Read now

Unlock full access

Organization of the BookSupporting WebsitesCompanion Book on Cybersecurity

1.1 Cybersecurity, Information Security, and Network Security1.2 Security Attacks1.3 Security Services1.4 Security Mechanisms1.5 Cryptographic Algorithms1.6 Symmetric Encryption1.7 Asymmetric Encryption1.8 Cryptographic Hash Functions1.9 Digital Signatures1.10 Practical Considerations1.11 Public-Key Infrastructure1.12 Network Security1.13 Key Terms and Review Questions1.14 References
2.1 Key Privacy Terminology2.2 Privacy by Design2.3 Privacy Engineering2.4 Privacy and Security2.5 Privacy Versus Utility2.6 Usable Privacy2.7 Key Terms and Review Questions2.8 References
3.1 Personally Identifiable Information and Personal Data3.2 Personal Information That Is Not PII3.3 Fair Information Practice Principles3.4 Privacy Regulations3.5 Privacy Standards3.6 Privacy Best Practices3.7 Key Terms and Review Questions3.8 References
4.1 The Evolving Threat Environment4.2 Privacy Threat Taxonomy4.3 NIST Threat Model4.4 Threat Sources4.5 Identifying Threats4.6 Privacy Vulnerabilities4.7 Key Terms and Review Questions4.8 References
5.1 System Access Concepts5.2 Authorization5.3 User Authentication5.4 Access Control5.5 Identity and Access Management5.6 Key Terms and Review Questions5.7 Reference
6.1 Malware Protection Activities6.2 Malware Protection Software6.3 Firewalls6.4 Intrusion Detection6.5 Key Terms and Review Questions6.6 References
7.1 Basic Concepts7.2 Re-Identification Attacks7.3 De-Identification of Direct Identifiers7.4 De-Identification of Quasi-Identifiers in Microdata Files7.5 K-Anonymity, L-Diversity, and T-Closeness7.6 Summary Table Protection7.7 Privacy in Queryable Databases7.8 Key Terms and Review Questions7.9 References
8.1 The Online Ecosystem for Personal Data8.2 Web Security and Privacy8.3 Mobile App Security8.4 Online Privacy Threats8.5 Online Privacy Requirements8.6 Privacy Notices8.7 Tracking8.8 Key Terms and Review Questions8.9 References
9.1 Data Loss Prevention9.2 The Internet of Things9.3 IoT Security9.4 IoT Privacy9.5 Cloud Computing9.6 Cloud Privacy9.7 Key Terms and Review Questions9.8 References
10.1 Information Security Governance10.2 Information Privacy Governance10.3 Information Privacy Management10.4 OASIS Privacy Management Reference Model10.5 Key Terms and Review Questions10.6 References
11.1 Risk Assessment11.2 Risk Management11.3 Privacy Risk Assessment11.4 Privacy Impact Assessment11.5 Key Terms and Review Questions11.6 References
12.1 Information Privacy Awareness12.2 Privacy Training and Education12.3 Acceptable Use Policies12.4 Key Terms and Review Questions12.5 References
13.1 Event Monitoring13.2 Information Security Auditing13.3 Information Privacy Auditing13.4 Privacy Incident Management and Response13.5 Key Terms and Review Questions13.6 References
14.1 Key Roles and Terms in the GDPR14.2 Structure of the GDPR14.3 GDPR Objectives and Scope14.4 GDPR Principles14.5 Restrictions on Certain Types of Personal Data14.6 Rights of the Data Subject14.7 Controller, Processor, and Data Protection Officer14.8 Data Protection Impact Assessment14.9 Key Terms and Review Questions14.10 References
15.1 A Survey of Federal U.S. Privacy Laws15.2 Health Insurance Portability and Accountability Act15.3 Health Information Technology for Economic and Clinical Health Act15.4 Children’s Online Privacy Protection Act15.5 California Consumer Privacy Act15.6 Key Terms and Review Questions15.7 References

Content preview from Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices

Chapter 13. Event Monitoring, Auditing, and Incident Response

Learning Objectives

After studying this chapter, you should be able to:

Understand the difference between a security event and a security incident
List useful information to collect in security audit trails
Summarize the SP 800-53 security audit controls
Present a typical privacy audit checklist
Present an overview of the privacy incident management process

This chapter deals with activities an organization pursues after privacy controls and policies have been implemented. The key objectives are to assess the effectiveness of the privacy program and to respond to privacy breaches. Sections 13.1 through 13.3 deal with collecting and assessing information related to the effectiveness ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Privacy, Regulations, and Cybersecurity

Chris Moschovitis

A Government Librarian’s Guide to Information Governance and Data Privacy

Phyllis L. Elin, Max Rapaport

EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition

IT Governance Privacy Team

Information Security Policies, Procedures, and Standards

Douglas J. Landoll

Publisher Resources

ISBN: 9780135278383