book

Privacy, Regulations, and Cybersecurity

Name: Privacy, Regulations, and Cybersecurity
Author: Chris Moschovitis
ISBN: 9781119658740

by Chris Moschovitis

February 2021

Beginner to intermediate

416 pages

10h 10m

English

Wiley

Read now

Unlock full access

COVER
TITLE PAGE
COPYRIGHT
FOREWORD
PREFACE
ABOUT THE AUTHOR
ACKNOWLEDGMENTS
PART ONE: Privacy
CHAPTER 1: Understanding Privacy
CHAPTER 2: A (Very) Brief History of Privacy
The Legal Case for Privacy (the Big Print)Slouching toward PrivacyDebating Privacy in the USConfidentiality vs. Privacy

CHAPTER 3: The Legal Case for Privacy (the Finer Print)
International Privacy Legislation
PART TWO: Regulations
CHAPTER 4: Introduction to Regulations
Preparing to Take ChargeCreating Your Privacy ProfileKnow before You Go: Using the Regulations SectionOne Last Thing before We Go!
CHAPTER 5: North American Regulations
United StatesFederal RegulationsState RegulationsCaliforniaMaineAmendment to the Nevada Privacy of Information Collected on the Internet from Consumers Act via SB 220Data Protection in the United States: ConclusionsCanadaMexico
CHAPTER 6: European Regulations
Non-EU Member European CountriesRussiaSwitzerlandComing Soon to a European Union Near You!
CHAPTER 7: Asia-Pacific Regulations
ChinaIndiaJapanAustralia
CHAPTER 8: African Regulations
Economic Community of West African StatesNigeriaSouth AfricaEgypt
CHAPTER 9: South American Regulations
BrazilArgentinaColombia
PART THREE: Privacy and Cybersecurity
CHAPTER 10: Introduction to Cybersecurity
Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids)In the Beginning1…Key DefinitionsNote
CHAPTER 11: A Cybersecurity Primer
Cybersecurity DefinedConfidentialityIntegrityAvailabilitySafetyMeasuring Cybersecurity's SuccessEnsuring and PreservingCybersecurity Controls and Defense in DepthDefense in DepthThe ThreatsThreat AgentsKey Trends Influencing Threat AgentsThe Nature of HackersAttack ProcessTypes of AttacksA Brief Cyberglossary
CHAPTER 12: Privacy-Centric Cybersecurity Program Overview
What's the Point of It All?Vision and Mission StatementsCulture and StrategyOff to See the WizardWhat Does Organizational IT Typically Look Like?What's at Risk?Threat AssessmentAt the Club House Turn!Mitigating RiskIncident Response Planning
CHAPTER 13: Privacy by Design Overview
The Case for Frameworks
CHAPTER 14: Cover Your Assets!
Asset ClassificationAsset MetadataA Fleeting Glimpse into the Other SideBusiness Impact AnalysisOne Spreadsheet to Rule Them All
CHAPTER 15: Threat Assessment
Types of ThreatsInternal ThreatsExternal ThreatsThreat RankingsThreat IntelligenceThreat Modeling
CHAPTER 16: Vulnerabilities
Who's Who in Vulnerabilities TrackingVulnerabilities: Mapping and RemediationVulnerability Testing
CHAPTER 17: Environments
On-Premises Computing EnvironmentsPrivate Cloud Computing EnvironmentsPublic Cloud Computing EnvironmentsHybrid Cloud Computing EnvironmentsCloud Security QuestionsThe Internet of Things (IoT)Distributed Workforces
CHAPTER 18: Controls
Preventative ControlsDetective ControlsCorrective ControlsCompensatory ControlsDefense in DepthPrivacy and Cybersecurity ControlsPeople, Technology, and OperationsCommunicationsPolicies, Standards, Procedures, and GuidelinesPutting It All Together
CHAPTER 19: Incident Response
Incident Response Planning: Not Just a Good Idea—It's the Law!Incident-Response Plan PhasesPreparing Your Incident-Response PlanIdentifying IncidentsContaining IncidentsTreating IncidentsIncident RecoveryPost-Incident ReviewDo It All Over Again!
CHAPTER 20: Welcome to the Future! Now, Go Home!
Social TransformationTechnology TransformationBusiness TransformationThe Story of ACMEFinal Words
BIBLIOGRAPHY
History, Case Law, and Legal AnalysisLegislation, Regulation, and AnalysisInformation Technology, Design, and PrivacyThreat and Incident ReportsFuture TrendsSelected Bibliography from Cybersecurity Program Development for Business: The Essential Planning Guide (Wiley 2018)
INDEX
END USER LICENSE AGREEMENT

Content preview from Privacy, Regulations, and Cybersecurity

CHAPTER 12Privacy-Centric Cybersecurity Program Overview

There was this absolutely horrible moment where I realized there was absolutely nothing at all that I could do.

—Amy Pascal, former CEO of Sony Pictures

When it comes to designing a cybersecurity program—privacy-first or otherwise—what is the most important thing to know before you take the first step? You need to know where you are right now.

The probability that you're designing a cybersecurity program from scratch should be low. I would certainly hope that you have something in place, ideally something robust enough that we can take and mold into a privacy-first cybersecurity program.

Be that as it may, hope alone will not suffice! We'll still need to “do the do” and look at the program (existing or not) anew.

We will start by answering a few rather existential questions:

What's the Point of It All?

For every business there is a vision, a mission, and one or more goals. This may seem trivial, but it is very important to put those down on paper. If it is your business, then you already know them. This will be our starting point.

Vision and Mission Statements

A mission statement is your company's raison d'être. It's as existential as it gets. It tells the world why you exist. A vision statement, on the other hand, is more directional than it is existential. One is who and why we are; the other is what we are.

The website TopNonProfits.com has collected the top vision and mission statements for several nonprofits. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119658740Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design