Full Description
A fast, accurate, and up-to-date desk reference for information security and privacy practitioners everywhere
Information security and privacy roles demand up-to-date knowledge coming from a seemingly countless number of sources, including several certifications—like the CISM, CIPP, and CISSP—legislation and regulations issued by state and national governments, guidance from local and industry organizations, and even international bodies, like the European Union.
The Information Security and Privacy Quick Reference: The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer is an updated, convenient, and accurate desk reference for information privacy practitioners who need fast and easy access to the latest guidance, laws, and standards that apply in their field. This book is the most effective resource for information security professionals who need immediate and correct solutions to common and rarely encountered problems.
An expert team of writers—Joe Shelley, James Michael Stewart, and the bestselling technical author, Mike Chapple—draw on decades of combined technology and education experience to deliver organized and accessible coverage of:
Security and Privacy Foundations
Governance, Risk Management, and Compliance
Security Architecture and Design
Identity and Access Management
Data Protection and Privacy Engineering
Security and Privacy Incident Management
Network Security and Privacy Protections
Security Assessment and Testing
Endpoint and Device Security
Application Security
Cryptography Essentials
Physical and Environmental Security
Legal and Ethical Considerations
Threat Intelligence and Cyber Defense
Business Continuity and Disaster Recovery
Information Security and Privacy Quick Reference is a must-have resource for CISOs, CSOs, Chief Privacy Officers, and other information security and privacy professionals seeking a reliable, accurate, and fast way to answer the questions they encounter at work every single day.
Contents
Introduction xiii
1 Security and Privacy Foundations 1
Security 101 1
Confidentiality, Integrity, and Availability (CIA) 3
Disclosure, Alteration, and Destruction (DAD) 4
Authentication, Authorization, and Accounting (AAA) 5
Privacy in the Modern Era 6
Foundational Privacy Principles 8
Security and Privacy Frameworks 11
Security and Privacy Policies: Creation and Enforcement 14
Establishing Security Awareness Programs 16
Security Strategies 19
2 Governance, Risk Management, and Compliance 23
The Role of Governance in Security and Privacy 23
Key Regulations and Standards 26
Regulatory Compliance 29
Building and Managing a Risk Management Framework 32
Managing Third-Party Risks and Vendor Assessments 35
3 Security Architecture and Design 39
Principles of Secure Design 39
Security Operations Foundations 42
Ensuring Confidentiality, Integrity, and Availability 44
Understanding Security Models 46
Implementing Personnel Security 49
Applying Protection Mechanisms 52
System Resilience and High Availability 54
4 Identity and Access Management 57
IAM Core Concepts and Principles 57
Authentication Methods and Multifactor Authentication 60
Role-Based Access Control Versus Attribute-Based Access Control 62
Identity Federation and Single Sign-On 65
Zero Trust Architecture for IAM 68
Identity Governance Life Cycle 71
Access Control Attacks 73
5 Data Protection and Privacy Engineering 77
Data Classification and Labeling 77
Data Masking, Tokenization, and Encryption 80
Data Loss Prevention Strategies 82
Privacy by Design 85
Developing a Privacy Program 87
Cross-Border Data Transfers and Legal Implications 90
Data Subject Rights and Privacy Request Handling 93
Data Retention, Archiving, and Secure Disposal 96
6 Security and Privacy Incident Management 101
Incident Response Planning 101
Detection and Triage of Security and Privacy Incidents 104
Investigating Incidents 106
Communication Plans for Incident Response 110
Post-Incident Review and Lessons Learned 113
Privacy Breach Notifications and Regulatory Reporting 117
7 Network Security and Privacy Protections 121
Secure Network Components 121
Network Segmentation 125
System Hardening 128
Firewalls and Intrusion Detection/Prevention Systems 130
Virtual Private Networks and Secure Access Service Edge 133
Secure Wireless Network Management 136
Securing the Cloud 139
Network Monitoring 142
8 Security Assessment and Testing 145
Building a Security Assessment and Testing Program 145
Vulnerability Management 147
Understanding Security Vulnerabilities 150
Penetration Testing 153
Testing Software 155
Training and Exercises 158
9 Endpoint and Device Security 163
Endpoint Detection and Response 163
Network Device Security 166
Mobile Device Management 169
Understanding Malware 173
Malware Prevention 176
Patching and Vulnerability Remediation 178
10 Application Security 183
Secure Software Development Life Cycle 183
DevSecOps and DevOps Integration 187
Application Attacks 191
Injection Vulnerabilities 192
Authorization Vulnerabilities 194
Web Application Attacks 196
Application Security Controls 198
Coding Best Practices 201
11 Cryptography Essentials 205
Core Cryptography Concepts 205
Symmetric Cryptography 208
Asymmetric Cryptography 210
Hash Functions 213
Digital Signatures 216
Public Key Infrastructure 218
Key Management Best Practices 220
Cryptographic Attacks 222
12 Physical and Environmental Security 227
Security and Facility Design 227
Physical Access Controls and Monitoring 229
Security in Data Centers and Server Rooms 232
Environmental Controls 234
Implement and Manage Physical Security 235
13 Legal and Ethical Considerations 237
Computer Crime 238
Intellectual Property Laws 241
Software Licensing Laws 243
Import/Export Laws 244
Privacy Laws 246
Compliance 249
Ethical Considerations 250
14 Threat Intelligence and Cyber Defense 253
Threat Actors 253
Threat Vectors 256
Threat Intelligence 258
Threat Feeds 259
Threat Hunting 262
Assessing Threat Intelligence 263
Cyber Kill Chain and the MITRE ATT&CK 265
15 Business Continuity and Disaster Recovery 269
Project Scope and Planning 270
Conducting Business Impact Analysis 273
Business Continuity Planning Essentials 277
Recovery Planning Essentials 279
Disaster Recovery Strategies and Solutions 282
Testing and Simulation Exercises 284
Index 289