
Cybersecurity and privacy law handbook a beginner's guide to dealing with privacy and security while keeping hackers at bay /

Get to grips with cybersecurity and privacy laws to protect your company's data and comply with international privacy standards Key Features Comply with cybersecurity standards and protect your data from hackers Find the gaps in your company's security posture with gap analysis and busines...


Bibliographic Details
Classification: Electronic Book
Main author: Rocchi, Walter (Author)
Format: Electronic eBook
Language: English
Published: Birmingham : Packt Publishing, 2022.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Start From the Basics
  • Chapter 1: ISO27001
  • Definitions and Security Concepts
  • The 27k family of standards
  • Confidentiality, integrity, and availability
  • Information security concepts and definitions
  • Governance, policies, and incident management
  • Governance
  • Policies and procedures
  • Incident management
  • Differences between ISO 27001 and NIST
  • What's NIST?
  • Summary
  • Part 2: Into the Wild
  • Chapter 2: Mandatory Requirements
  • ISMS, controls, commitment, context, scope policy, and objectives
  • ISMS
  • Statement of applicability, risk treatment plan, and action plan
  • Controls
  • Commitment and project management
  • Identify, Protect, Detect, Respond, and Recover
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
  • Can ISO 27001 and NIST coexist?
  • Summary
  • Chapter 3: Data Protection
  • What is privacy (and why do we desperately need it)?
  • GDPR and his brothers
  • Territorial scope
  • The GDPR, CCPA, and LGPD each define personal data differently
  • The importance of anonymous, pseudonymous, de-identified, and aggregated information
  • Legal bases for data processing
  • Data access privileges
  • Fines and penalties
  • Why deal with data protection?
  • The six principles of the GDPR
  • Summary
  • Chapter 4: Data Processing
  • The data controller
  • The data processor
  • Accountability
  • Recommended documents
  • The privacy dashboard
  • Training materials
  • Mandatory documents
  • Data protection - the last warning
  • EU-US Privacy Shield
  • Brief summary
  • Schrems II ruling
  • The frequently asked questions issued by the EDPB
  • What occurs next? Vade mecum for entities
  • Conclusions
  • Summary
  • Chapter 5: Security Planning and Risk Management
  • Security threats and challenges
  • What are the different types of security threats?
  • What is risk and what is a threat?
  • Implementing a risk management program
  • Why is risk management so important?
  • Traditional risk management versus enterprise risk management
  • What are the steps involved in risk management for information security?
  • From the top-down to the bottom-up
  • Benefits and challenges of risk management
  • Building and implementing a risk management plan
  • Qualitative risk analysis
  • Quantitative risk analysis
  • Difference between qualitative and quantitative risk analysis
  • When to perform a qualitative and quantitative risk analysis
  • Summary
  • Part 3: Escape from Chaos
  • Chapter 6: Define ISO 27001 Mandatory Requirements
  • ISO 27001 operations
  • The ISO 27001 standard - what it is and what requirements it establishes
  • How to structure an ISMS
  • ISO 27001 support requirements (or Clause 7)
  • 7.1 - Resources required to establish and operate an ISMS
  • 7.2 - Competency
  • 7.3 - Awareness