book

Information Security and Privacy Quick Reference

Name: Information Security and Privacy Quick Reference
ISBN: 9781394353316

by Mike Chapple, Joe Shelley, James Michael Stewart

June 2025

Intermediate to advanced

320 pages

8h 5m

English

Wiley

Read now

Unlock full access

Cover
Table of Contents
Title Page
Introduction
CHAPTER 1: Security and Privacy Foundations
Security 101Confidentiality, Integrity, and Availability (CIA)Disclosure, Alteration, and Destruction (DAD)Authentication, Authorization, and Accounting (AAA)Privacy in the Modern EraFoundational Privacy PrinciplesSecurity and Privacy FrameworksSecurity and Privacy Policies: Creation and EnforcementEstablishing Security Awareness ProgramsSecurity Strategies
CHAPTER 2: Governance, Risk Management, and Compliance
The Role of Governance in Security and PrivacyKey Regulations and StandardsRegulatory ComplianceBuilding and Managing a Risk Management FrameworkManaging Third-Party Risks and Vendor Assessments
CHAPTER 3: Security Architecture and Design
Principles of Secure DesignSecurity Operations FoundationsEnsuring Confidentiality, Integrity, and AvailabilityUnderstanding Security ModelsImplementing Personnel SecurityApplying Protection MechanismsSystem Resilience and High Availability
CHAPTER 4: Identity and Access Management
IAM Core Concepts and PrinciplesAuthentication Methods and Multifactor AuthenticationRole-Based Access Control Versus Attribute-Based Access ControlIdentity Federation and Single Sign-OnZero Trust Architecture for IAMIdentity Governance Life CycleAccess Control Attacks
CHAPTER 5: Data Protection and Privacy Engineering
Data Classification and LabelingData Masking, Tokenization, and EncryptionData Loss Prevention StrategiesPrivacy by DesignDeveloping a Privacy ProgramCross-Border Data Transfers and Legal ImplicationsData Subject Rights and Privacy Request HandlingData Retention, Archiving, and Secure Disposal
CHAPTER 6: Security and Privacy Incident Management
Incident Response PlanningDetection and Triage of Security and Privacy IncidentsInvestigating IncidentsCommunication Plans for Incident ResponsePost-Incident Review and Lessons LearnedPrivacy Breach Notifications and Regulatory Reporting

CHAPTER 7: Network Security and Privacy Protections
Secure Network ComponentsNetwork SegmentationSystem HardeningFirewalls and Intrusion Detection/Prevention SystemsVirtual Private Networks and Secure Access Service EdgeSecure Wireless Network ManagementSecuring the CloudNetwork Monitoring
CHAPTER 8: Security Assessment and Testing
Building a Security Assessment and Testing ProgramVulnerability ManagementUnderstanding Security VulnerabilitiesPenetration TestingTesting SoftwareTraining and Exercises
CHAPTER 9: Endpoint and Device Security
Endpoint Detection and ResponseNetwork Device SecurityMobile Device ManagementUnderstanding MalwareMalware PreventionPatching and Vulnerability Remediation
CHAPTER 10: Application Security
Secure Software Development Life CycleDevSecOps and DevOps IntegrationApplication AttacksInjection VulnerabilitiesAuthorization VulnerabilitiesWeb Application AttacksApplication Security ControlsCoding Best Practices
CHAPTER 11: Cryptography Essentials
Core Cryptography ConceptsSymmetric CryptographyAsymmetric CryptographyHash FunctionsDigital SignaturesPublic Key InfrastructureKey Management Best PracticesCryptographic Attacks
CHAPTER 12: Physical and Environmental Security
Security and Facility DesignPhysical Access Controls and MonitoringSecurity in Data Centers and Server RoomsEnvironmental ControlsImplement and Manage Physical Security
CHAPTER 13: Legal and Ethical Considerations
Computer CrimeIntellectual Property LawsSoftware Licensing LawsImport/Export LawsPrivacy LawsComplianceEthical Considerations
CHAPTER 14: Threat Intelligence and Cyber Defense
Threat ActorsThreat VectorsThreat IntelligenceThreat FeedsThreat HuntingAssessing Threat IntelligenceCyber Kill Chain and the MITRE ATT&CK
CHAPTER 15: Business Continuity and Disaster Recovery
Project Scope and PlanningConducting Business Impact AnalysisBusiness Continuity Planning EssentialsRecovery Planning EssentialsDisaster Recovery Strategies and SolutionsTesting and Simulation Exercises
Index
Copyright
About the Authors
End User License Agreement

Content preview from Information Security and Privacy Quick Reference

CHAPTER 15Business Continuity and Disaster Recovery

In today's business environment, the resilience of an organization is not just a competitive advantage but a necessity. As a security and privacy professional, your role in safeguarding your organization extends beyond the implementation of security measures to ensuring that business operations can withstand and quickly recover from unforeseen disruptions. This chapter examines the critical components of business continuity and disaster recovery, equipping you with the knowledge to prepare your organization for a wide range of potential threats from natural disasters to cyberattacks.

Understanding the intricacies of business continuity and disaster recovery planning is essential for developing a robust strategy that minimizes downtime and protects critical assets. This chapter provides you with a comprehensive guide to establishing a well-defined scope for your continuity projects, analyzing potential impacts through a business impact analysis (BIA), and implementing effective recovery strategies. By exploring these concepts, you will gain insights into creating a resilient framework that ensures your organization can maintain operations and recover swiftly in the face of adversity.

By the end of this chapter, you will be equipped with the tools and strategies necessary to design and implement a comprehensive business continuity and disaster recovery plan. This knowledge will empower you to not only protect your organization's ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Computer and Information Security Handbook, 3rd Edition

Publisher Resources

ISBN: 9781394353316

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Information Security and Privacy Quick Reference

by Mike Chapple, Joe Shelley, James Michael Stewart

CHAPTER 15Business Continuity and Disaster Recovery

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.