book

Information Security and Privacy Quick Reference

Name: Information Security and Privacy Quick Reference
ISBN: 9781394353316

by Mike Chapple, Joe Shelley, James Michael Stewart

June 2025

Intermediate to advanced

320 pages

8h 5m

English

Wiley

Read now

Unlock full access

Cover
Table of Contents
Title Page
Introduction
CHAPTER 1: Security and Privacy Foundations
Security 101Confidentiality, Integrity, and Availability (CIA)Disclosure, Alteration, and Destruction (DAD)Authentication, Authorization, and Accounting (AAA)Privacy in the Modern EraFoundational Privacy PrinciplesSecurity and Privacy FrameworksSecurity and Privacy Policies: Creation and EnforcementEstablishing Security Awareness ProgramsSecurity Strategies
CHAPTER 2: Governance, Risk Management, and Compliance
The Role of Governance in Security and PrivacyKey Regulations and StandardsRegulatory ComplianceBuilding and Managing a Risk Management FrameworkManaging Third-Party Risks and Vendor Assessments
CHAPTER 3: Security Architecture and Design
Principles of Secure DesignSecurity Operations FoundationsEnsuring Confidentiality, Integrity, and AvailabilityUnderstanding Security ModelsImplementing Personnel SecurityApplying Protection MechanismsSystem Resilience and High Availability
CHAPTER 4: Identity and Access Management
IAM Core Concepts and PrinciplesAuthentication Methods and Multifactor AuthenticationRole-Based Access Control Versus Attribute-Based Access ControlIdentity Federation and Single Sign-OnZero Trust Architecture for IAMIdentity Governance Life CycleAccess Control Attacks
CHAPTER 5: Data Protection and Privacy Engineering
Data Classification and LabelingData Masking, Tokenization, and EncryptionData Loss Prevention StrategiesPrivacy by DesignDeveloping a Privacy ProgramCross-Border Data Transfers and Legal ImplicationsData Subject Rights and Privacy Request HandlingData Retention, Archiving, and Secure Disposal
CHAPTER 6: Security and Privacy Incident Management
Incident Response PlanningDetection and Triage of Security and Privacy IncidentsInvestigating IncidentsCommunication Plans for Incident ResponsePost-Incident Review and Lessons LearnedPrivacy Breach Notifications and Regulatory Reporting

CHAPTER 7: Network Security and Privacy Protections
Secure Network ComponentsNetwork SegmentationSystem HardeningFirewalls and Intrusion Detection/Prevention SystemsVirtual Private Networks and Secure Access Service EdgeSecure Wireless Network ManagementSecuring the CloudNetwork Monitoring
CHAPTER 8: Security Assessment and Testing
Building a Security Assessment and Testing ProgramVulnerability ManagementUnderstanding Security VulnerabilitiesPenetration TestingTesting SoftwareTraining and Exercises
CHAPTER 9: Endpoint and Device Security
Endpoint Detection and ResponseNetwork Device SecurityMobile Device ManagementUnderstanding MalwareMalware PreventionPatching and Vulnerability Remediation
CHAPTER 10: Application Security
Secure Software Development Life CycleDevSecOps and DevOps IntegrationApplication AttacksInjection VulnerabilitiesAuthorization VulnerabilitiesWeb Application AttacksApplication Security ControlsCoding Best Practices
CHAPTER 11: Cryptography Essentials
Core Cryptography ConceptsSymmetric CryptographyAsymmetric CryptographyHash FunctionsDigital SignaturesPublic Key InfrastructureKey Management Best PracticesCryptographic Attacks
CHAPTER 12: Physical and Environmental Security
Security and Facility DesignPhysical Access Controls and MonitoringSecurity in Data Centers and Server RoomsEnvironmental ControlsImplement and Manage Physical Security
CHAPTER 13: Legal and Ethical Considerations
Computer CrimeIntellectual Property LawsSoftware Licensing LawsImport/Export LawsPrivacy LawsComplianceEthical Considerations
CHAPTER 14: Threat Intelligence and Cyber Defense
Threat ActorsThreat VectorsThreat IntelligenceThreat FeedsThreat HuntingAssessing Threat IntelligenceCyber Kill Chain and the MITRE ATT&CK
CHAPTER 15: Business Continuity and Disaster Recovery
Project Scope and PlanningConducting Business Impact AnalysisBusiness Continuity Planning EssentialsRecovery Planning EssentialsDisaster Recovery Strategies and SolutionsTesting and Simulation Exercises
Index
Copyright
About the Authors
End User License Agreement

Content preview from Information Security and Privacy Quick Reference

CHAPTER 13Legal and Ethical Considerations

Understanding the legal and ethical dimensions of information security and privacy is paramount for professionals in these fields. As a security or privacy professional, you are responsible not only for safeguarding data and systems but also for ensuring that your practices align with a complex web of laws and ethical standards. This chapter serves as a comprehensive overview of the critical legal frameworks and ethical principles that govern your work.

Navigating the legal landscape requires a nuanced understanding of various laws, from those addressing computer crime and intellectual property to software licensing and import/export regulations. These legalities form the backbone of compliance efforts and are essential for protecting your organization from legal liabilities and reputational damage. Furthermore, privacy laws, which vary significantly across jurisdictions, demand your attention to ensure that personal data is handled with the utmost care and in compliance with applicable regulations.

Beyond legal obligations, ethical considerations play a crucial role in guiding your professional conduct. Adhering to ethical standards not only fosters trust and integrity but also enhances the credibility of your organization. By engaging with this chapter, you will gain valuable insights into the legal and ethical aspects of your role, equipping you to make informed decisions that uphold both the letter and the spirit of the law. This ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer and Information Security Handbook, 3rd Edition

Publisher Resources

ISBN: 9781394353316

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Information Security and Privacy Quick Reference

by Mike Chapple, Joe Shelley, James Michael Stewart

CHAPTER 13Legal and Ethical Considerations

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.