book

Information Security and Privacy Quick Reference

Name: Information Security and Privacy Quick Reference
ISBN: 9781394353316

by Mike Chapple, Joe Shelley, James Michael Stewart

June 2025

Intermediate to advanced

320 pages

8h 5m

English

Wiley

Read now

Unlock full access

Cover
Table of Contents
Title Page
Introduction
CHAPTER 1: Security and Privacy Foundations
Security 101Confidentiality, Integrity, and Availability (CIA)Disclosure, Alteration, and Destruction (DAD)Authentication, Authorization, and Accounting (AAA)Privacy in the Modern EraFoundational Privacy PrinciplesSecurity and Privacy FrameworksSecurity and Privacy Policies: Creation and EnforcementEstablishing Security Awareness ProgramsSecurity Strategies
CHAPTER 2: Governance, Risk Management, and Compliance
The Role of Governance in Security and PrivacyKey Regulations and StandardsRegulatory ComplianceBuilding and Managing a Risk Management FrameworkManaging Third-Party Risks and Vendor Assessments
CHAPTER 3: Security Architecture and Design
Principles of Secure DesignSecurity Operations FoundationsEnsuring Confidentiality, Integrity, and AvailabilityUnderstanding Security ModelsImplementing Personnel SecurityApplying Protection MechanismsSystem Resilience and High Availability
CHAPTER 4: Identity and Access Management
IAM Core Concepts and PrinciplesAuthentication Methods and Multifactor AuthenticationRole-Based Access Control Versus Attribute-Based Access ControlIdentity Federation and Single Sign-OnZero Trust Architecture for IAMIdentity Governance Life CycleAccess Control Attacks
CHAPTER 5: Data Protection and Privacy Engineering
Data Classification and LabelingData Masking, Tokenization, and EncryptionData Loss Prevention StrategiesPrivacy by DesignDeveloping a Privacy ProgramCross-Border Data Transfers and Legal ImplicationsData Subject Rights and Privacy Request HandlingData Retention, Archiving, and Secure Disposal
CHAPTER 6: Security and Privacy Incident Management
Incident Response PlanningDetection and Triage of Security and Privacy IncidentsInvestigating IncidentsCommunication Plans for Incident ResponsePost-Incident Review and Lessons LearnedPrivacy Breach Notifications and Regulatory Reporting

CHAPTER 7: Network Security and Privacy Protections
Secure Network ComponentsNetwork SegmentationSystem HardeningFirewalls and Intrusion Detection/Prevention SystemsVirtual Private Networks and Secure Access Service EdgeSecure Wireless Network ManagementSecuring the CloudNetwork Monitoring
CHAPTER 8: Security Assessment and Testing
Building a Security Assessment and Testing ProgramVulnerability ManagementUnderstanding Security VulnerabilitiesPenetration TestingTesting SoftwareTraining and Exercises
CHAPTER 9: Endpoint and Device Security
Endpoint Detection and ResponseNetwork Device SecurityMobile Device ManagementUnderstanding MalwareMalware PreventionPatching and Vulnerability Remediation
CHAPTER 10: Application Security
Secure Software Development Life CycleDevSecOps and DevOps IntegrationApplication AttacksInjection VulnerabilitiesAuthorization VulnerabilitiesWeb Application AttacksApplication Security ControlsCoding Best Practices
CHAPTER 11: Cryptography Essentials
Core Cryptography ConceptsSymmetric CryptographyAsymmetric CryptographyHash FunctionsDigital SignaturesPublic Key InfrastructureKey Management Best PracticesCryptographic Attacks
CHAPTER 12: Physical and Environmental Security
Security and Facility DesignPhysical Access Controls and MonitoringSecurity in Data Centers and Server RoomsEnvironmental ControlsImplement and Manage Physical Security
CHAPTER 13: Legal and Ethical Considerations
Computer CrimeIntellectual Property LawsSoftware Licensing LawsImport/Export LawsPrivacy LawsComplianceEthical Considerations
CHAPTER 14: Threat Intelligence and Cyber Defense
Threat ActorsThreat VectorsThreat IntelligenceThreat FeedsThreat HuntingAssessing Threat IntelligenceCyber Kill Chain and the MITRE ATT&CK
CHAPTER 15: Business Continuity and Disaster Recovery
Project Scope and PlanningConducting Business Impact AnalysisBusiness Continuity Planning EssentialsRecovery Planning EssentialsDisaster Recovery Strategies and SolutionsTesting and Simulation Exercises
Index
Copyright
About the Authors
End User License Agreement

Content preview from Information Security and Privacy Quick Reference

CHAPTER 10Application Security

Ensuring the security of applications is paramount. As a security and privacy professional, you are on the front lines of defending against a myriad of threats that target applications, which are often the gateway to sensitive data and critical systems. This chapter is designed to equip you with the knowledge and tools necessary to fortify your applications against these threats. By understanding and implementing secure software development practices, integrating security into DevOps processes, and recognizing common attack vectors, you can significantly enhance the resilience of your applications.

Throughout this chapter, you will gain insights into the Secure Software Development Life Cycle, which is essential for building robust and secure applications from the ground up. You will explore the integration of security into DevOps, a practice that ensures security is not an afterthought but a continuous process embedded in the development workflow. Additionally, you will learn about various application attacks, including injection and authorization vulnerabilities, and how to defend against them. By mastering application security controls and adhering to secure coding best practices, you will be well-equipped to protect your applications from potential exploits. This chapter aims to provide you with a comprehensive understanding of application security, empowering you to safeguard your organization's digital assets effectively.

Secure Software ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer and Information Security Handbook, 3rd Edition

Publisher Resources

ISBN: 9781394353316

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Information Security and Privacy Quick Reference

by Mike Chapple, Joe Shelley, James Michael Stewart

CHAPTER 10Application Security

Secure Software ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.