Controlling Privacy and the Use of Data Assets - Volume 2 PDF Download

Author: Ulf Mattsson
Publisher: CRC Press
ISBN: 1000924351
Category : Computers
Languages : en
Pages : 319

View

Book Description
The book will review how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. We will position techniques like Data Integrity and Ledger and will provide practical lessons in Data Integrity, Trust, and data’s business utility. Based on a good understanding of new and old technologies, emerging trends, and a broad experience from many projects in this domain, this book will provide a unique context about the WHY (requirements and drivers), WHAT (what to do), and HOW (how to implement), as well as reviewing the current state and major forces representing challenges or driving change, what you should be trying to achieve and how you can do it, including discussions of different options. We will also discuss WHERE (in systems) and WHEN (roadmap). Unlike other general or academic texts, this book is being written to offer practical general advice, outline actionable strategies, and include templates for immediate use. It contains diagrams needed to describe the topics and Use Cases and presents current real-world issues and technological mitigation strategies. The inclusion of the risks to both owners and custodians provides a strong case for why people should care. This book reflects the perspective of a Chief Technology Officer (CTO) and Chief Security Strategist (CSS). The Author has worked in and with startups and some of the largest organizations in the world, and this book is intended for board members, senior decision-makers, and global government policy officials—CISOs, CSOs, CPOs, CTOs, auditors, consultants, investors, and other people interested in data privacy and security. The Author also embeds a business perspective, answering the question of why this an important topic for the board, audit committee, and senior management regarding achieving business objectives, strategies, and goals and applying the risk appetite and tolerance. The focus is on Technical Visionary Leaders, including CTO, Chief Data Officer, Chief Privacy Officer, EVP/SVP/VP of Technology, Analytics, Data Architect, Chief Information Officer, EVP/SVP/VP of I.T., Chief Information Security Officer (CISO), Chief Risk Officer, Chief Compliance Officer, Chief Security Officer (CSO), EVP/SVP/VP of Security, Risk Compliance, and Governance. It can also be interesting reading for privacy regulators, especially those in developed nations with specialist privacy oversight agencies (government departments) across their jurisdictions (e.g., federal and state levels).

Author: Ulf Mattsson
Publisher:
ISBN: 9781003254928
Category : Data privacy
Languages : en
Pages : 0

View

Book Description
"The book will review how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. We will position techniques like Data Integrity, and Ledger. This book will use practical lessons in Data Integrity, and Trust, and data's business utility. This book is based on a good understanding and experience of new and old technologies, emerging trends, and a broad experience from many projects in this domain. This book will provide unique context about the WHY (requirements and drivers), WHAT (what to do), and HOW (how to implement), and review current state and major forces representing challenges or driving change, what you should be trying to achieve, how do you do it, including discussions of different options. We will also discuss WHERE (in systems) and WHEN (roadmap). Unlike other general or academic texts, this book is being written to offer practical general advice, outline actionable strategies, and include templates for immediate use. The book contains diagrams needed to describe the topics and Use Cases. The book presents current real-world issues and technological mitigation strategies. The inclusion of the risks to both owners and custodians provide a strong case for why people should care. The book reflects the perspective of a CTO and Chief Security Strategist. I worked in and with startups and some of the largest organizations in the world. The book is for board members, senior decision-makers, and global government policy officials - CISOs, CSOs, CPOs, CTOs, auditors, consultants, investors, and other people interested in data privacy and security. I will also embed a business perspective. Why is this an important topic for the board, audit committee, and senior management regarding achieving business objectives, strategies, and goals and applying the risk appetite and tolerance? The focus is on Technical Visionary Leaders, including Chief Technology Officer, Chief Data Officer, Chief Privacy Officer, EVP/SVP/VP of Technology, Analytics, Data Architect, Chief Information Officer, EVP/SVP/VP of I.T., Chief Information Security Officer (CISO), Chief Risk Officer, Chief Compliance Officer, Chief Security Officer (CSO), EVP/SVP/VP of Security, Risk Compliance, Governance. It can also be interesting reading for privacy regulators, especially those in developed nations with specialist privacy oversight agencies (government departments) across their jurisdictions (e.g., federal and state levels)"--

Author: Ulf Mattsson
Publisher: CRC Press
ISBN: 1000599981
Category : Computers
Languages : en
Pages : 353

View

Book Description
"Ulf Mattsson leverages his decades of experience as a CTO and security expert to show how companies can achieve data compliance without sacrificing operability." Jim Ambrosini, CISSP, CRISC, Cybersecurity Consultant and Virtual CISO "Ulf Mattsson lays out not just the rationale for accountable data governance, he provides clear strategies and tactics that every business leader should know and put into practice. As individuals, citizens and employees, we should all take heart that following his sound thinking can provide us all with a better future." Richard Purcell, CEO Corporate Privacy Group and former Microsoft Chief Privacy Officer Many security experts excel at working with traditional technologies but fall apart in utilizing newer data privacy techniques to balance compliance requirements and the business utility of data. This book will help readers grow out of a siloed mentality and into an enterprise risk management approach to regulatory compliance and technical roles, including technical data privacy and security issues. The book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types. A common goal is to find the right balance between compliance, privacy requirements, and the business utility of data. This book reviews how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. It positions techniques like pseudonymization, anonymization, tokenization, homomorphic encryption, dynamic masking, and more. Topics include Trends and Evolution Best Practices, Roadmap, and Vision Zero Trust Architecture Applications, Privacy by Design, and APIs Machine Learning and Analytics Secure Multiparty Computing Blockchain and Data Lineage Hybrid Cloud, CASB, and SASE HSM, TPM, and Trusted Execution Environments Internet of Things Quantum Computing And much more!

Author: Ulf Mattsson
Publisher: Security, Audit and Leadership Series
ISBN: 9781032039121
Category :
Languages : en
Pages : 314

View

Book Description
This book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types.

Author: Ulf Mattsson
Publisher: CRC Press
ISBN: 9781032039138
Category :
Languages : en
Pages : 314

View

Book Description
This book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types.

Author: James Pooley
Publisher:
ISBN: 9780996391009
Category :
Languages : en
Pages : 306

View

Book Description
CAN YOU KEEP A SECRET IN THIS HYPERCONNECTED WORLD? Information is the business asset of the 21st century. So our impulse may be to guard it. Yet in a flat global economy, we have to share it-not just with employees but also partners, vendors, customers and consultants. Here's the risk: secrets falling into the wrong hands can destroy a project, or even bring down a company. And the same technology that enables seamless communication also makes data theft easy, cheap and hard to detect. So what can managers and business owners do to protect and exploit their competitive advantage, maintain productive relationships, and avoid lawsuits? In Secrets you will find the answers, discovering how to: Identify and reduce your risk of information loss Deal with employees leaving to join or start a competitor Manage your data on the Internet and in the Cloud Build an information protection program with best practices Respond when you find a breach of confidentiality Trade secrets expert James Pooley has written a "must have" resource for executives and managers, knowledge workers, consultants, security professionals, entrepreneurs, investors, lawyers and accountants-anyone and everyone who works with information. "Jim Pooley has spotted one of the great ironies of modern business: In an age of transparency and 'open innovation, ' the value of secrets has skyrocketed. And so has their vulnerability. - Stan McCoy, former Assistant U.S. Trade Representative "Pooley makes the reader feel every creak of the tightrope innovators must walk between trusting sensitive information with others yet also taking smart precautions against lawsuits, leaks, and outright theft." - Louis Foreman, creator of Emmy Award-winning PBS series "Everyday Edisons" and author of "The Independent Inventor's Handbook" "The book is a dose of reality to those in denial about the real and pervasive dangers of the world we live in." - Federico Faggin, co-inventor of the microprocessor "With patent protections in America shrinking steadily, more and more companies and their lawyers will have to turn to trade secrets, and this guide will illuminate the way for all." - Hon. Paul Michel, Chief Judge (ret.), Federal Circuit Court of Appeals James Pooley has been a Silicon Valley lawyer, leader, manager, diplomat, professor and writer. From 2009 to 2014 he was Deputy Director General for Innovation and Technology at the World Intellectual Property Organization, an agency of the United Nations, where he ran the international patent system."

Author: Jim Seaman
Publisher: CRC Press
ISBN: 1000918912
Category : Computers
Languages : en
Pages : 253

View

Book Description
The importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities. In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures. The book is divided into two sections: 1. Security Risk Management (SRM). All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks. • Reduce the probability/ likelihood. 2. Survive to Operate. If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’ • Reduce the severity/ impact. Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead. This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks. Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.

Author: Kevin Lynn McLaughlin
Publisher: CRC Press
ISBN: 1000968359
Category : Computers
Languages : en
Pages : 104

View

Book Description
Cybersecurity Operations and Fusion Centers: A Comprehensive Guide to SOC and TIC Strategy by Dr. Kevin Lynn McLaughlin is a must-have resource for anyone involved in the establishment and operation of a Cybersecurity Operations and Fusion Center (SOFC). Think of a combination cybersecurity SOC and cybersecurity Threat Intelligence Center (TIC). In this book, Dr. McLaughlin, who is a well-respected cybersecurity expert, provides a comprehensive guide to the critical importance of having an SOFC and the various options available to organizations to either build one from scratch or purchase a ready-made solution. The author takes the reader through the crucial steps of designing an SOFC model, offering expert advice on selecting the right partner, allocating resources, and building a strong and effective team. The book also provides an in-depth exploration of the design and implementation of the SOFC infrastructure and toolset, including the use of virtual tools, the physical security of the SOFC, and the impact of COVID-19 on remote workforce operations. A bit of gamification is described in the book as a way to motivate and maintain teams of high-performing and well-trained cybersecurity professionals. The day-to-day operations of an SOFC are also thoroughly examined, including the monitoring and detection process, security operations (SecOps), and incident response and remediation. The book highlights the significance of effective reporting in driving improvements in an organization’s security posture. With its comprehensive analysis of all aspects of the SOFC, from team building to incident response, this book is an invaluable resource for anyone looking to establish and operate a successful SOFC. Whether you are a security analyst, senior analyst, or executive, this book will provide you with the necessary insights and strategies to ensure maximum performance and long-term success for your SOFC. By having this book as your guide, you can rest assured that you have the knowledge and skills necessary to protect an organization’s data, assets, and operations.

Author: L. T. San
Publisher: CRC Press
ISBN: 1000969045
Category : Business & Economics
Languages : en
Pages : 132

View

Book Description
This book is about the primary symptoms present in a dysfunctional culture that could have devastating outcomes for any organization. The book outlines each of the seven sins in each chapter. Each of the first seven chapters (Chapters 1–7) starts with a famous quote related to each of the sins and then immediately recounts stories ripped from the headlines describing well-known corporate failures but with a personal touch from former employees who experienced those stories from inside the company. (The sources for these stories are all cited in their Bibliographies.) The seven sins of organizational culture are linked with seven different corporate scandals that serve as a "lesson learned" as well as seven stories of organizations that have been successful with each respective organizational attribute as follows: Flawed Mission and Misaligned Values uses WorldCom as the lesson learned and Patagonia as the success case. Flawed Incentives uses Wells Fargo as the lesson learned and Bridgeport Financial as the success case. Lack of Accountability uses HSBC as the lesson learned and McDonald’s as the success case. Ineffective Talent Management uses Enron as the lesson learned and Southwest Airlines as the success case. Lack of Transparency uses Theranos as the lesson learned and Zappos as the success case. Ineffective Risk Management uses the 2008 mortgage industry collapse as the lesson learned and Michael Burry as the success case. Ineffective Leadership summarizes all of the foregoing sins as failures of Leadership. In each chapter and for each organizational sin, the author offers seven attributes of a healthy culture to counter the cultural dysfunction. The seven healthy attributes for each of the seven sins are all original content. In Chapter 8, the author offers an approach for assessing an organization’s culture by providing seven ways to measure the different drivers of organizational culture. The ideas for how to measure corporate culture is original content, with some references to existing frameworks (all cited in the Bibliography.) Finally, in Chapter 9, the author offers a step-by-step outline for transforming the culture. The chapter starts with a story about how Korean Air suffered multiple crashes due to their corporate culture but were able to successfully transform their culture. (The source for the Korean Air story is cited in the Bibliography.) There are seven appendices, most of which are by the author except for the maturity of risk management, which references an OECD (government entity) risk management maturity framework.

Author: Michelle Dennedy
Publisher: Apress
ISBN: 1430263563
Category : Computers
Languages : en
Pages : 386

View

Book Description
"It's our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track." --The authors of The Privacy Engineer's Manifesto The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value is the first book of its kind, offering industry-proven solutions that go beyond mere theory and adding lucid perspectives on the challenges and opportunities raised with the emerging "personal" information economy. The authors, a uniquely skilled team of longtime industry experts, detail how you can build privacy into products, processes, applications, and systems. The book offers insight on translating the guiding light of OECD Privacy Guidelines, the Fair Information Practice Principles (FIPPs), Generally Accepted Privacy Principles (GAPP) and Privacy by Design (PbD) into concrete concepts that organizations, software/hardware engineers, and system administrators/owners can understand and apply throughout the product or process life cycle—regardless of development methodology—from inception to retirement, including data deletion and destruction. In addition to providing practical methods to applying privacy engineering methodologies, the authors detail how to prepare and organize an enterprise or organization to support and manage products, process, systems, and applications that require personal information. The authors also address how to think about and assign value to the personal information assets being protected. Finally, the team of experts offers thoughts about the information revolution that has only just begun, and how we can live in a world of sensors and trillions of data points without losing our ethics or value(s)...and even have a little fun. The Privacy Engineer's Manifesto is designed to serve multiple stakeholders: Anyone who is involved in designing, developing, deploying and reviewing products, processes, applications, and systems that process personal information, including software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals. This book is a must-read for all practitioners in the personal information economy. Privacy will be an integral part of the next wave in the technology revolution; innovators who emphasize privacy as an integral part of the product life cycle are on the right track. Foreword by Dr. Eric Bonabeau, PhD, Chairman, Icosystem, Inc. & Dean of Computational Sciences, Minerva Schools at KGI.