Managing catastrophic loss of sensitive data

Offering a structured approach to handling and recovering from a catastrophic data loss, this book will help both technical and non-technical professionals put effective processes in place to secure their business-critical information and provide a roadmap of the appropriate recovery and notificatio...

Bibliographic Details
Main author: Photopoulos, Constantine (-)
Format: E-book
Language: English
Published: Burlington, MA : Syngress, Elsevier Science 2008.
Edition: 1st edition
Subjects:
View at Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627481106719
Table of Contents:
  • Front Cover; Managing Catastrophic Loss of Sensitive Data; Copyright Page; Author; Contents; Chapter 1: Introduction; Overview; What Is Sensitive Data?; Personally Identifiable Information; Confidential Business Information; Data Categories; Data Security Breach; Data Loss Consequences; Impact; Identity Theft; Organizational Costs; Prevention and Safeguards; Response; Notification; Recovering from a Data Breach; Organization of the Book; Chapter 2: Data Classification; Chapter 3: Controls and Safeguards; Chapter 4: Data Security Policy; Chapter 5: Response Program
  • Chapter 6: Detection and Reporting; Chapter 7: Evaluation and Response; Chapter 8: Disclosure and Notification; Chapter 9: Closure; Appendix A: Relevant Legislation; Chapter 2: Data Classification; Introduction; Security Objectives; Potential Impact; Low; Moderate; High; Classification Levels; Confidential; Internal; Public; Data Ownership and Usage; Owner; Custodian; User; User Manager; Information Security Officer; Chief Information Officer; Data Sharing; Metadata; Classification Project; Create an Information Asset Inventory; Specify the Classification Criteria; Classify the Data
  • Special Considerations; Aggregation; Extracts; Impact on Other Data or Systems; Unstructured Data; Perform Risk Assessment; Assessment Elements; Models; Approach; Considerations; Risk Management Options; Key Practices; Documentation; Update; Challenges; Develop Control Implementation Plan; Types of Classification Level Controls; Device and Media Controls; Document Exceptions to Recommended Controls; The Data Life Cycle; Summary; Chapter 3: Controls and Safeguards; Data Security Program; Security Controls; Management Responsibility; Defense in Depth; Control Identification; Types of Controls
  • Baseline Approach; Constraints; Laptops; Portable Storage Devices; Transportable Media; E-mail; Internal Controls; External Controls; Technical Safeguards; Firewalls; Intrusion Detection and Prevention Systems; Penetration Testing and Vulnerability Scanning; Data Transmission; Remote Access; External System Connections; Antivirus and Patches; Isolation and Minimization; Access Control; Access Provisioning; Authentication; Entitlement Reviews; Privileged Accounts; Account Ownership; Account Assignment and Usage; Managing Account Passwords; Activity Logging and Monitoring; Policies and Procedures
  • Developer Access to Production; Physical Access; Activity Logging and Monitoring; Activity Monitoring; Baseline Logging; Centralized Log Management; Protection of Log Files; Storage; Software Assurance; Change Management; Backup and Restore; Disaster Recovery/Business Continuity Planning; Disposal; Measures; Responsibility; Recording; Insiders; Social Engineering; Third-Party Vendors; Training and Awareness; Compensating Controls; Auditing; Data Security Policy; Risk Assessment; Controls; Testing; Third Party Providers; Testing; Updating; Security Program; Controls; Summary
  • Chapter 4: Data Security Policy