{"product_id":"information-security-and-privacy-quick-reference-isbn-9781394353316","title":"Information Security and Privacy Quick Reference","description":"\u003cp\u003e\u003cb\u003eA fast, accurate, and up-to-date desk reference for information security and privacy practitioners everywhere\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eInformation security and privacy roles demand up-to-date knowledge coming from a seemingly countless number of sources, including several certifications—like the CISM, CIPP, and CISSP—legislation and regulations issued by state and national governments, guidance from local and industry organizations, and even international bodies, like the European Union. \u003c\/p\u003e\u003cp\u003eThe \u003ci\u003eInformation Security and Privacy Quick Reference: The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer\u003c\/i\u003e is an updated, convenient, and accurate desk reference for information privacy practitioners who need fast and easy access to the latest guidance, laws, and standards that apply in their field. This book is the most effective resource for information security professionals who need immediate and correct solutions to common and rarely encountered problems. \u003c\/p\u003e\u003cp\u003eAn expert team of writers—Joe Shelley, James Michael Stewart, and the bestselling technical author, Mike Chapple—draw on decades of combined technology and education experience to deliver organized and accessible coverage of: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eSecurity and Privacy Foundations \u003c\/li\u003e \u003cli\u003eGovernance, Risk Management, and Compliance\u003c\/li\u003e \u003cli\u003eSecurity Architecture and Design\u003c\/li\u003e \u003cli\u003eIdentity and Access Management\u003c\/li\u003e \u003cli\u003eData Protection and Privacy Engineering\u003c\/li\u003e \u003cli\u003eSecurity and Privacy Incident Management\u003c\/li\u003e \u003cli\u003eNetwork Security and Privacy Protections\u003c\/li\u003e \u003cli\u003eSecurity Assessment and Testing\u003c\/li\u003e \u003cli\u003eEndpoint and Device Security\u003c\/li\u003e \u003cli\u003eApplication Security\u003c\/li\u003e \u003cli\u003eCryptography Essentials\u003c\/li\u003e \u003cli\u003ePhysical and Environmental Security\u003c\/li\u003e \u003cli\u003eLegal and Ethical Considerations\u003c\/li\u003e \u003cli\u003eThreat Intelligence and Cyber Defense\u003c\/li\u003e \u003cli\u003eBusiness Continuity and Disaster Recovery\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003ci\u003eInformation Security and Privacy Quick Reference\u003c\/i\u003e is a must-have resource for CISOs, CSOs, Chief Privacy Officers, and other information security and privacy professionals seeking a reliable, accurate, and fast way to answer the questions they encounter at work every single day. \u003c\/p\u003e\u003cp\u003eIntroduction xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Security and Privacy Foundations 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity 101 1\u003c\/p\u003e \u003cp\u003eConfidentiality, Integrity, and Availability (CIA) 3\u003c\/p\u003e \u003cp\u003eDisclosure, Alteration, and Destruction (DAD) 4\u003c\/p\u003e \u003cp\u003eAuthentication, Authorization, and Accounting (AAA) 5\u003c\/p\u003e \u003cp\u003ePrivacy in the Modern Era 6\u003c\/p\u003e \u003cp\u003eFoundational Privacy Principles 8\u003c\/p\u003e \u003cp\u003eSecurity and Privacy Frameworks 11\u003c\/p\u003e \u003cp\u003eSecurity and Privacy Policies: Creation and Enforcement 14\u003c\/p\u003e \u003cp\u003eEstablishing Security Awareness Programs 16\u003c\/p\u003e \u003cp\u003eSecurity Strategies 19\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Governance, Risk Management, and Compliance 23\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Role of Governance in Security and Privacy 23\u003c\/p\u003e \u003cp\u003eKey Regulations and Standards 26\u003c\/p\u003e \u003cp\u003eRegulatory Compliance 29\u003c\/p\u003e \u003cp\u003eBuilding and Managing a Risk Management Framework 32\u003c\/p\u003e \u003cp\u003eManaging Third-Party Risks and Vendor Assessments 35\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Security Architecture and Design 39\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciples of Secure Design 39\u003c\/p\u003e \u003cp\u003eSecurity Operations Foundations 42\u003c\/p\u003e \u003cp\u003eEnsuring Confidentiality, Integrity, and Availability 44\u003c\/p\u003e \u003cp\u003eUnderstanding Security Models 46\u003c\/p\u003e \u003cp\u003eImplementing Personnel Security 49\u003c\/p\u003e \u003cp\u003eApplying Protection Mechanisms 52\u003c\/p\u003e \u003cp\u003eSystem Resilience and High Availability 54\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Identity and Access Management 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIAM Core Concepts and Principles 57\u003c\/p\u003e \u003cp\u003eAuthentication Methods and Multifactor Authentication 60\u003c\/p\u003e \u003cp\u003eRole-Based Access Control Versus Attribute-Based Access Control 62\u003c\/p\u003e \u003cp\u003eIdentity Federation and Single Sign-On 65\u003c\/p\u003e \u003cp\u003eZero Trust Architecture for IAM 68\u003c\/p\u003e \u003cp\u003eIdentity Governance Life Cycle 71\u003c\/p\u003e \u003cp\u003eAccess Control Attacks 73\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Data Protection and Privacy Engineering 77\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eData Classification and Labeling 77\u003c\/p\u003e \u003cp\u003eData Masking, Tokenization, and Encryption 80\u003c\/p\u003e \u003cp\u003eData Loss Prevention Strategies 82\u003c\/p\u003e \u003cp\u003ePrivacy by Design 85\u003c\/p\u003e \u003cp\u003eDeveloping a Privacy Program 87\u003c\/p\u003e \u003cp\u003eCross-Border Data Transfers and Legal Implications 90\u003c\/p\u003e \u003cp\u003eData Subject Rights and Privacy Request Handling 93\u003c\/p\u003e \u003cp\u003eData Retention, Archiving, and Secure Disposal 96\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Security and Privacy Incident Management 101\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIncident Response Planning 101\u003c\/p\u003e \u003cp\u003eDetection and Triage of Security and Privacy Incidents 104\u003c\/p\u003e \u003cp\u003eInvestigating Incidents 106\u003c\/p\u003e \u003cp\u003eCommunication Plans for Incident Response 110\u003c\/p\u003e \u003cp\u003ePost-Incident Review and Lessons Learned 113\u003c\/p\u003e \u003cp\u003ePrivacy Breach Notifications and Regulatory Reporting 117\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Network Security and Privacy Protections 121\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecure Network Components 121\u003c\/p\u003e \u003cp\u003eNetwork Segmentation 125\u003c\/p\u003e \u003cp\u003eSystem Hardening 128\u003c\/p\u003e \u003cp\u003eFirewalls and Intrusion Detection\/Prevention Systems 130\u003c\/p\u003e \u003cp\u003eVirtual Private Networks and Secure Access Service Edge 133\u003c\/p\u003e \u003cp\u003eSecure Wireless Network Management 136\u003c\/p\u003e \u003cp\u003eSecuring the Cloud 139\u003c\/p\u003e \u003cp\u003eNetwork Monitoring 142\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Security Assessment and Testing 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuilding a Security Assessment and Testing Program 145\u003c\/p\u003e \u003cp\u003eVulnerability Management 147\u003c\/p\u003e \u003cp\u003eUnderstanding Security Vulnerabilities 150\u003c\/p\u003e \u003cp\u003ePenetration Testing 153\u003c\/p\u003e \u003cp\u003eTesting Software 155\u003c\/p\u003e \u003cp\u003eTraining and Exercises 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Endpoint and Device Security 163\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEndpoint Detection and Response 163\u003c\/p\u003e \u003cp\u003eNetwork Device Security 166\u003c\/p\u003e \u003cp\u003eMobile Device Management 169\u003c\/p\u003e \u003cp\u003eUnderstanding Malware 173\u003c\/p\u003e \u003cp\u003eMalware Prevention 176\u003c\/p\u003e \u003cp\u003ePatching and Vulnerability Remediation 178\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Application Security 183\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecure Software Development Life Cycle 183\u003c\/p\u003e \u003cp\u003eDevSecOps and DevOps Integration 187\u003c\/p\u003e \u003cp\u003eApplication Attacks 191\u003c\/p\u003e \u003cp\u003eInjection Vulnerabilities 192\u003c\/p\u003e \u003cp\u003eAuthorization Vulnerabilities 194\u003c\/p\u003e \u003cp\u003eWeb Application Attacks 196\u003c\/p\u003e \u003cp\u003eApplication Security Controls 198\u003c\/p\u003e \u003cp\u003eCoding Best Practices 201\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Cryptography Essentials 205\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCore Cryptography Concepts 205\u003c\/p\u003e \u003cp\u003eSymmetric Cryptography 208\u003c\/p\u003e \u003cp\u003eAsymmetric Cryptography 210\u003c\/p\u003e \u003cp\u003eHash Functions 213\u003c\/p\u003e \u003cp\u003eDigital Signatures 216\u003c\/p\u003e \u003cp\u003ePublic Key Infrastructure 218\u003c\/p\u003e \u003cp\u003eKey Management Best Practices 220\u003c\/p\u003e \u003cp\u003eCryptographic Attacks 222\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Physical and Environmental Security 227\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity and Facility Design 227\u003c\/p\u003e \u003cp\u003ePhysical Access Controls and Monitoring 229\u003c\/p\u003e \u003cp\u003eSecurity in Data Centers and Server Rooms 232\u003c\/p\u003e \u003cp\u003eEnvironmental Controls 234\u003c\/p\u003e \u003cp\u003eImplement and Manage Physical Security 235\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Legal and Ethical Considerations 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Crime 238\u003c\/p\u003e \u003cp\u003eIntellectual Property Laws 241\u003c\/p\u003e \u003cp\u003eSoftware Licensing Laws 243\u003c\/p\u003e \u003cp\u003eImport\/Export Laws 244\u003c\/p\u003e \u003cp\u003ePrivacy Laws 246\u003c\/p\u003e \u003cp\u003eCompliance 249\u003c\/p\u003e \u003cp\u003eEthical Considerations 250\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Threat Intelligence and Cyber Defense 253\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThreat Actors 253\u003c\/p\u003e \u003cp\u003eThreat Vectors 256\u003c\/p\u003e \u003cp\u003eThreat Intelligence 258\u003c\/p\u003e \u003cp\u003eThreat Feeds 259\u003c\/p\u003e \u003cp\u003eThreat Hunting 262\u003c\/p\u003e \u003cp\u003eAssessing Threat Intelligence 263\u003c\/p\u003e \u003cp\u003eCyber Kill Chain and the MITRE ATT\u0026amp;CK 265\u003c\/p\u003e \u003cp\u003e\u003cb\u003e15 Business Continuity and Disaster Recovery 269\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProject Scope and Planning 270\u003c\/p\u003e \u003cp\u003eConducting Business Impact Analysis 273\u003c\/p\u003e \u003cp\u003eBusiness Continuity Planning Essentials 277\u003c\/p\u003e \u003cp\u003eRecovery Planning Essentials 279\u003c\/p\u003e \u003cp\u003eDisaster Recovery Strategies and Solutions 282\u003c\/p\u003e \u003cp\u003eTesting and Simulation Exercises 284\u003c\/p\u003e \u003cp\u003eIndex 289\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eMike Chapple, PhD, CISSP, CISM, CIPP\/US, CIPM, and CCSP,\u003c\/b\u003e is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is the bestselling author of over 50 technical books. He is also the Faculty Director of the University’s Business\/Computer Science program. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eJoe Shelley, CIPP\/US, CIPM, and Security+,\u003c\/b\u003e is the Vice President for Libraries and Information Technology at Hamilton College in New York. He oversees the information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eJames Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CEI, and CFR,\u003c\/b\u003e has been writing and training for more than 25 years, with a focus on CISSP, internet security and ethical hacking\/penetration testing. He is the author of and contributor to more than 80 books on security certification, Microsoft topics, and network administration.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eAn up-to-date and comprehensive desk reference for information security and privacy professionals\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eCISOs, CSOs, Chief Privacy Officers, and other information security and privacy professionals are required to understand and apply legislation and regulations from seemingly countless local, state, national, and international authorities. The information you need every day is contained in an overwhelming number of sources from all over the world. \u003c\/p\u003e\u003cp\u003eThe \u003ci\u003eInformation Security and Privacy Quick Reference\u003c\/i\u003e is a convenient and straightforward solution to this information overload. The book combines and summarizes the tangle of overlapping technical certification objectives, government guidance, and international standards that you must apply in your day-to-day. It offers comprehensive and concise coverage of information security and privacy topics, organizing it all into easy-to-find and accessible chapters that explain: \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eSecurity and Privacy Foundations\u003c\/li\u003e\n\u003cli\u003eGovernance, Risk Management, and Compliance\u003c\/li\u003e\n\u003cli\u003eSecurity Architecture and Design\u003c\/li\u003e\n\u003cli\u003eIdentity and Access Management\u003c\/li\u003e\n\u003cli\u003eData Protection and Privacy Engineering \u003c\/li\u003e\n\u003cli\u003eCryptography Essentials\u003c\/li\u003e\n\u003cli\u003ePhysical and Environmental Security\u003c\/li\u003e\n\u003cli\u003eLegal and Ethical Considerations\u003c\/li\u003e\n\u003cli\u003eSecurity and Privacy Incident Management\u003c\/li\u003e\n\u003cli\u003eNetwork Security and Privacy Protections\u003c\/li\u003e\n\u003cli\u003eSecurity Assessment and Testing\u003c\/li\u003e\n\u003cli\u003eEndpoint and Device Security\u003c\/li\u003e\n\u003cli\u003eApplication Security\u003c\/li\u003e\n\u003cli\u003eThreat Intelligence and Cyber Defense\u003c\/li\u003e\n\u003cli\u003eBusiness Continuity and Disaster Recovery\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989422325989,"sku":"NP9781394353316","price":30.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394353316.jpg?v=1761784043","url":"https:\/\/k12savings.com\/es\/products\/information-security-and-privacy-quick-reference-isbn-9781394353316","provider":"K12savings","version":"1.0","type":"link"}