Cybersecurity and privacy law handbook : a beginner's guide to dealing with privacy and security while keeping hackers at bay

Cybersecurity and privacy law handbook a beginner's guide to dealing with privacy and security while keeping hackers at bay

Get to grips with cybersecurity and privacy laws to protect your company's data and comply with international privacy standards Key Features Comply with cybersecurity standards and protect your data from hackers Find the gaps in your company's security posture with gap analysis and busines...

Descripción completa

Detalles Bibliográficos
Otros Autores: Rocchi, Walter, author (author)
Formato: Libro electrónico
Idioma:Inglés
Publicado: London, England : Packt Publishing [2022]
Edición:1st ed
Materias:
Computer security > Law and legislation.
Privacy, Right of.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009711797706719
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Start From the Basics
  • Chapter 1: ISO27001 - Definitions and Security Concepts
  • The 27k family of standards
  • Confidentiality, integrity, and availability
  • Information security concepts and definitions
  • Governance, policies, and incident management
  • Governance
  • Policies and procedures
  • Incident management
  • Differences between ISO 27001 and NIST
  • What's NIST?
  • Summary
  • Part 2: Into the Wild
  • Chapter 2: Mandatory Requirements
  • iSMS, controls, commitment, context, scope policy, and objectives
  • iSMS
  • Statement of applicability, risk treatment plan, and action plan
  • Controls
  • Commitment and project management
  • Identify, Protect, Detect, Respond, and Recover
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
  • Can ISO 27001 and NIST coexist?
  • Summary
  • Chapter 3: Data Protection
  • What is privacy (and why do we desperately need it)?
  • GDPR and his brothers
  • Territorial scope
  • The GDPR, CCPA, and LGPD each define personal data differently
  • The importance of anonymous, pseudonymous, de-identified, and aggregated information
  • Legal bases for data processing
  • Data access privileges
  • Fines and penalties
  • Why deal with data protection?
  • The six principles of the GDPR
  • Summary
  • Chapter 4: Data Processing
  • The data controller
  • The data processor
  • Accountability
  • Recommended documents
  • The privacy dashboard
  • Training materials
  • Mandatory documents
  • Data protection - the last warning
  • EU-US Privacy Shield
  • Brief summary
  • Schrems II ruling
  • The frequently asked questions issued by the EDPB
  • What occurs next? Vade mecum for entities
  • Conclusions
  • Summary
  • Chapter 5: Security Planning and Risk Management
  • Security threats and challenges.
  • What are the different types of security threats?
  • What is risk and what is a threat?
  • Implementing a risk management program
  • Why is risk management so important?
  • Traditional risk management versus enterprise risk management
  • What are the steps involved in risk management for information security?
  • From the top-down to the bottom-up
  • Benefits and challenges of risk management
  • Building and implementing a risk management plan
  • Qualitative risk analysis
  • Quantitative risk analysis
  • Difference between qualitative and quantitative risk analysis
  • When to perform a qualitative and quantitative risk analysis
  • Summary
  • Part 3: Escape from Chaos
  • Chapter 6: Define ISO 27001 Mandatory Requirements
  • ISO 27001 operations
  • The ISO 27001 standard - what it is and what requirements it establishes
  • How to structure an iSMS
  • ISO 27001 support requirements (or Clause 7)
  • 7.1 - Resources required to establish and operate an iSMS
  • 7.2 - Competency
  • 7.3 - Awareness
  • 7.4 - Communication
  • 7.5 - Documented information
  • Summary
  • Chapter 7: Risk Management, Controls, and Policies
  • Elements of project risk management
  • The risk management plan
  • Fundamental notions
  • Risk evaluation
  • Risk characteristics
  • Risk heatmaps
  • Risk mitigation
  • Best risk mitigation strategies
  • How to establish risk mitigation strategies
  • Data classification
  • Why is the classification of data important?
  • What are the four levels of data classification?
  • What are the various types of data classification?
  • Difficulties with data classification
  • Effects of compliance standards on data classification
  • Data classification levels
  • Developing a policy for data classification
  • Data classification procedures
  • ISO 27001 controls
  • Control Category A.5 - Information Security Policies (1 objective and 2 controls).
  • Control Category A.6 - Organization of Information Security (2 objectives and 7 controls)
  • Control Category A.7 - Human Resource Security (3 objectives and 6 controls)
  • Control Category A.8 - Asset Management (3 objectives and 10 controls)
  • Control Category A.9 - Access Control (4 objectives and 14 controls)
  • Control Category A.10 - Cryptography (1 objective and 2 controls)
  • Control Category A.11 - Physical and Environmental Security (2 objectives and 15 controls)
  • Control Category A.12 - Operations Security (7 objectives and 14 controls)
  • Control Category A.13 - Communications Security (2 objectives and 7 controls)
  • Control Category A.14 - System Acquisition, Development, and Maintenance (3 objectives and 13 controls)
  • Control Category A.15 - Supplier relationships (2 objectives and 5 controls)
  • Control Category A.16 - Information security incident management (1 objective and 7 controls)
  • Control Category A.17 - Information security aspects of business continuity management (2 objectives and 4 controls)
  • Control Category A.18 - Compliance (2 objectives and 8 controls)
  • Who is charged for implementing Annex A controls?
  • Using the ISO 27001 controls
  • Identification of ISO 27001 controls to implement
  • Summary
  • Chapter 8: Preparing Policies and Procedures to Avoid Internal Risk
  • Company policies
  • How do you determine the appropriate policies for your business?
  • Policy writing instructions
  • What about procedures, then?
  • The importance of policies and procedures versus their pain
  • How to physically write a policy?
  • Selecting a method for managing the process
  • Establishing a policy management group
  • Prioritizing a policy list
  • Creating a preliminary draft
  • Verifying the processes
  • Sending a draft out for review
  • Obtaining final approval and signatures
  • Employee Code of Conduct example draft.
  • Template for the Employee Code of Conduct
  • Cloud hosting policy
  • Company procedures
  • When is a procedure necessary?
  • When a process requires a procedure
  • How to write a procedure
  • Step 1: gathering information
  • Step 2: beginning to write
  • Step 3: evaluating design elements
  • Summary
  • Chapter 9: Social Engineering, Password Guidance, and Policy
  • The starting point
  • OSINT
  • Social scientist
  • Common social engineering attack methods
  • Pretexting
  • Misdirection theft
  • Phishing
  • Targeted phishing
  • Vishing
  • Smishing
  • Have you got a M.A.P.P.?
  • Step 1 - learn how to recognize social engineering attacks
  • Step 2 - develop realistic and implementable policies
  • Step 3 - conduct periodic real-world audits
  • Step 4 - implement applicable security awareness programs
  • Summary
  • Chapter 10: The Cloud
  • How did the cloud emerge?
  • What exactly is the cloud? How does it work?
  • What is cloud security?
  • Types of cloud services
  • Distribution models
  • Cloud security - examples of measures that can prevent risks
  • The seven pain points of cloud computing
  • Reduced visibility
  • Compliance violations
  • Absence of a strategy and architecture for cloud security
  • Internal threats
  • Contractual violations
  • Unprotected user interface (API)
  • Errors in the configuration of cloud services
  • Cloud and GDPR concerns
  • Security concerns specific to the cloud
  • What effect is GDPR having on the cloud industry?
  • Requirements for cloud service providers under GDPR
  • Normative requirements
  • The GDPR code of conduct for CSPs
  • Summary
  • Chapter 11: What about the US?
  • The US status of privacy
  • What the current national privacy laws (don't) do
  • The FTC
  • An overview of Section 5 of the FTC Act
  • NIST and FTC
  • BYOD
  • Benefits of BYOD
  • Disadvantages of BYOD
  • Managing mobile devices.
  • Criteria and recommendations
  • Remote working
  • Security issues
  • Important ramifications
  • Keeping a remote workforce secure
  • A multifaceted strategy
  • Assisting the transformation
  • Computer safety
  • What privacy rights are available to employees?
  • What exemptions exist to worker monitoring?
  • Do employees know what information employers can access?
  • Should employees bring personal equipment to work?
  • Summary
  • Appendix
  • ISO 27002
  • What is different?
  • Is it superior to the previous version?
  • Is it a standard set of controls for information security?
  • What must you do at this time?
  • Privacy
  • VA/PT
  • VA
  • PT
  • Index
  • About Packt
  • Other Books You May Enjoy.

Ejemplares similares