February 2021
Beginner to intermediate
416 pages
10h 10m
English
Content preview from Privacy, Regulations, and Cybersecurity
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
CHAPTER 14Cover Your Assets!
Eventually all things are known. And few matter.
—Gore Vidal
Burr (1973)
So it begins the actual work of creating a privacy-centric cybersecurity program. It was a long path that got us here, but you made it! We will divide the work into several phases:
- Assets: What are we protecting and why?
- Threats: Who's out there to get us?
- Vulnerabilities: What are our weak points?
- Environments: What is our operating environment?
- Controls: How are we protecting ourselves?
- Incident Response Planning: When all else fails, what's our plan?
We will deal with each phase separately, breaking down the various steps needed to build your cybersecurity program. Step one is a review of your assets. In my view this is the most critical phase of the program, because without proper asset identification and valuation, you will have no idea of what, or how, to protect it.
As discussed, a prerequisite for all our privacy-focused cybersecurity work will be input from your counterpart who's running the privacy program. She will have gone through the hard work of implementing one of the privacy frameworks, and we'll be the beneficiaries! That's the “privacy metadata intake” we referenced earlier. For our purposes, we'll assume that your counterpart is wicked smart and has implemented the NIST Privacy Framework—that way we can use the NIST terminology throughout our discussions.
You'll recall that we defined assets as anything of value. So what exactly are these things of value ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.