Information Security and Privacy Quick Reference The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer

35,99 €

incl. statutory VAT, free shipping


Product details

Binding: Paperback
Publication date: 02.06.2025
Publisher: Wiley
Page count: 320
Dimensions (L/W/H): 22,6/14,9/1,7 cm
Weight: 431 g
Language: English
ISBN: 978-1-394-35331-6

Manufacturer address

Libri GmbH
Europaallee 1
36244 Bad Hersfeld
DE

Email: gpsr@libri.de

Table of contents

Introduction xiii
1 Security and Privacy Foundations 1
  Security 101 1
  Confidentiality, Integrity, and Availability (CIA) 3
  Disclosure, Alteration, and Destruction (DAD) 4
  Authentication, Authorization, and Accounting (AAA) 5
  Privacy in the Modern Era 6
  Foundational Privacy Principles 8
  Security and Privacy Frameworks 11
  Security and Privacy Policies: Creation and Enforcement 14
  Establishing Security Awareness Programs 16
  Security Strategies 19
2 Governance, Risk Management, and Compliance 23
  The Role of Governance in Security and Privacy 23
  Key Regulations and Standards 26
  Regulatory Compliance 29
  Building and Managing a Risk Management Framework 32
  Managing Third-Party Risks and Vendor Assessments 35
3 Security Architecture and Design 39
  Principles of Secure Design 39
  Security Operations Foundations 42
  Ensuring Confidentiality, Integrity, and Availability 44
  Understanding Security Models 46
  Implementing Personnel Security 49
  Applying Protection Mechanisms 52
  System Resilience and High Availability 54
4 Identity and Access Management 57
  IAM Core Concepts and Principles 57
  Authentication Methods and Multifactor Authentication 60
  Role-Based Access Control Versus Attribute-Based Access Control 62
  Identity Federation and Single Sign-On 65
  Zero Trust Architecture for IAM 68
  Identity Governance Life Cycle 71
  Access Control Attacks 73
5 Data Protection and Privacy Engineering 77
  Data Classification and Labeling 77
  Data Masking, Tokenization, and Encryption 80
  Data Loss Prevention Strategies 82
  Privacy by Design 85
  Developing a Privacy Program 87
  Cross-Border Data Transfers and Legal Implications 90
  Data Subject Rights and Privacy Request Handling 93
  Data Retention, Archiving, and Secure Disposal 96
6 Security and Privacy Incident Management 101
  Incident Response Planning 101
  Detection and Triage of Security and Privacy Incidents 104
  Investigating Incidents 106
  Communication Plans for Incident Response 110
  Post-Incident Review and Lessons Learned 113
  Privacy Breach Notifications and Regulatory Reporting 117
7 Network Security and Privacy Protections 121
  Secure Network Components 121
  Network Segmentation 125
  System Hardening 128
  Firewalls and Intrusion Detection/Prevention Systems 130
  Virtual Private Networks and Secure Access Service Edge 133
  Secure Wireless Network Management 136
  Securing the Cloud 139
  Network Monitoring 142
8 Security Assessment and Testing 145
  Building a Security Assessment and Testing Program 145
  Vulnerability Management 147
  Understanding Security Vulnerabilities 150
  Penetration Testing 153
  Testing Software 155
  Training and Exercises 158
9 Endpoint and Device Security 163
  Endpoint Detection and Response 163
  Network Device Security 166
  Mobile Device Management 169
  Understanding Malware 173
  Malware Prevention 176
  Patching and Vulnerability Remediation 178
10 Application Security 183
  Secure Software Development Life Cycle 183
  DevSecOps and DevOps Integration 187
  Application Attacks 191
  Injection Vulnerabilities 192
  Authorization Vulnerabilities 194
  Web Application Attacks 196
  Application Security Controls 198
  Coding Best Practices 201
11 Cryptography Essentials 205
  Core Cryptography Concepts 205
  Symmetric Cryptography 208
  Asymmetric Cryptography 210
  Hash Functions 213
  Digital Signatures 216
  Public Key Infrastructure 218
  Key Management Best Practices 220
  Cryptographic Attacks 222
12 Physical and Environmental Security 227
  Security and Facility Design 227
  Physical Access Controls and Monitoring 229
  Security in Data Centers and Server Rooms 232
  Environmental Controls 234
  Implement and Manage Physical Security 235
13 Legal and Ethical Considerations 237
  Computer Crime 238
  Intellectual Property Laws 241
  Software Licensing Laws 243
  Import/Export Laws 244
  Privacy Laws 246
  Compliance 249
  Ethical Considerations 250
14 Threat Intelligence and Cyber Defense 253
  Threat Actors 253
  Threat Vectors 256
  Threat Intelligence 258
  Threat Feeds 259
  Threat Hunting 262
  Assessing Threat Intelligence 263
  Cyber Kill Chain and the MITRE ATT&CK 265
15 Business Continuity and Disaster Recovery 269
  Project Scope and Planning 270
  Conducting Business Impact Analysis 273
  Business Continuity Planning Essentials 277
  Recovery Planning Essentials 279
  Disaster Recovery Strategies and Solutions 282
  Testing and Simulation Exercises 284
Index 289