وبلاگ بلیان

Controlling Privacy and the Use of Data Assets - Volume 2 : What Is the New World Currency – Data or Trust?

معرفی کتاب «Controlling Privacy and the Use of Data Assets - Volume 2 : What Is the New World Currency – Data or Trust?» نوشتهٔ Ulf Mattsson، منتشرشده توسط نشر CRC Press LLC در سال 2023. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

The book will review how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. We will position techniques like Data Integrity and Ledger and will provide practical lessons in Data Integrity, Trust, and data’s business utility. Based on a good understanding of new and old technologies, emerging trends, and a broad experience from many projects in this domain, this book will provide a unique context about the WHY (requirements and drivers), WHAT (what to do), and HOW (how to implement), as well as reviewing the current state and major forces representing challenges or driving change, what you should be trying to achieve and how you can do it, including discussions of different options. We will also discuss WHERE (in systems) and WHEN (roadmap). Unlike other general or academic texts, this book is being written to offer practical general advice, outline actionable strategies, and include templates for immediate use. It contains diagrams needed to describe the topics and Use Cases and presents current real-world issues and technological mitigation strategies. The inclusion of the risks to both owners and custodians provides a strong case for why people should care. This book reflects the perspective of a Chief Technology Officer (CTO) and Chief Security Strategist (CSS). The Author has worked in and with startups and some of the largest organizations in the world, and this book is intended for board members, senior decision-makers, and global government policy officials―CISOs, CSOs, CPOs, CTOs, auditors, consultants, investors, and other people interested in data privacy and security. The Author also embeds a business perspective, answering the question of why this an important topic for the board, audit committee, and senior management regarding achieving business objectives, strategies, and goals and applying the risk appetite and tolerance. The focus is on Technical Visionary Leaders, including CTO, Chief Data Officer, Chief Privacy Officer, EVP/SVP/VP of Technology, Analytics, Data Architect, Chief Information Officer, EVP/SVP/VP of I.T., Chief Information Security Officer (CISO), Chief Risk Officer, Chief Compliance Officer, Chief Security Officer (CSO), EVP/SVP/VP of Security, Risk Compliance, and Governance. It can also be interesting reading for privacy regulators, especially those in developed nations with specialist privacy oversight agencies (government departments) across their jurisdictions (e.g., federal and state levels). Cover Endorsement Page Half Title Series Page Title Page Copyright Page Dedication Table of Contents Foreword – Ben Rothke, CISSP, CISM, Senior Information Security Manager, Tapad, Inc.New York, NY Foreword – Jim Ambrosini, CISA, CRISC, CISSP Cybersecurity Consultant and CISO Foreword – Richard Purcell, CEO, Corporate Privacy Group (former Chief PrivacyOfficer, Microsoft) Acknowledgments About the Author Introduction Who Should Read this Book Why is Volume 2 of this Book Needed How to Read this Book Discussions about Trust in User, Apps, and Data The Future of Data Privacy Technologies Requirements, Use Cases, and Business Values Discussions about System Capabilities Section I: Vision and Best Practices Chapter 1: Risks and Threats Introduction A Lack of Trust Data Privacy Privacy Becomes Mission Critical The Threat Landscape Threat for Businesses Ransomware Prevent Attacks Data Security for Hybrid Cloud Data Breaches Insider Threat Spectre-Class Vulnerabilities Trends in Data Breaches Prevent Attacks Ransomware Threat Landscape Hacktivist Ransomware Ransomware-as-a-Service (RaaS) Implications for Cyber Insurance One in Seven Ransomware Extortion Attempts Leak Key Operational Tech Records Misconfiguring a Cloud Database Steal Data during Homomorphic Encryption Crypto Crime Trends DeFi Has Continued to Grow Changing Drivers for Increased Cybersecurity Spending Risk Reduction Is Still the Top Driver Future of the SOC Forces Shaping Modern Security Operations Data Breach Response Why This Is Important Notes Chapter 2: Opportunities Introduction Innovation The Innovator’s Dilemma Companies Often Fall into Comfortable Boxes Privacy-Preserving Technology (PET) Is Evolving Improve Business Usability How Regulatory Frameworks Drive Technological Innovations Regulation May Not Hinder Innovation Regulations Help Innovation GDPR Drives New Protection Techniques Openness or Competition in Product Markets Provides Innovation Innovation in Telecommunication Growth in Patents US Patent Filings in the Area of Granular Data Protection Understand Regulation/Technology Linkages and Technology-Driving Approaches Compliance Gives Enterprises an Assurance Complex Regulation-Technology Relations Innovation and New Initiatives in Cybersecurity Spending Examining Your Innovation Portfolio Innovation Stages Basic Innovation Stages Experimental Approaches Combining Iterative and Experimental Approaches Managing Innovation and Evolution Innovation Management Maturity Innovation Management Maturity Model Emphasis on the Six Dimensions The Opportunity Opportunities in Security Data Cataloging for Data Governance Enterprises Are Collecting More Data, but Do They Know What To Do With It? Worldwide Global Enterprise Data From Big to Small and Wide Data Notes Chapter 3: Best Practices Introduction Use Cases Use Cases Definitions Use Cases Common Challenges Use Cases Business Value Add Use Cases Technical Value Add The Future of Data Privacy Example of Simple Steps to Find a Protect Data What Regulations and Guidance Do You Need to Implement? For Example, for GDPR, These Steps to Implement Data Security Could Be Followed I Start to Scan Data Stores and Applications for Data That Need to Be Protected I Chose a Protection Technique for Different Types of Data Today’s Modern Data Protection Needs Trends in Control of Data More Data Is Outside Corporate Control What Can We Do? Data-at-Rest Encryption Only Does Not Provide Enough Protection from Data Theft Trends in Data Protection integration Confluence of Data Security Controls DSP Future State Cybersecurity Mesh API Management People and Process Data Security Governance (DSG) Privacy Infonomics Data Discovery and Classification Data Masking Database Encryption (Field/Record) Tokenization Full Disk Encryption File Encryption Enterprise Key Management (EKM) and Secret Management Privacy-Enhancing Computation (PEC) Techniques Spending on Data Protection How to Enhance Maturity Current State Gap Analysis and Interdependencies Organizational Silos and Existing Investments Semantic Sensitive-data Visibility and Control Composable Architecture Paradigm Shift from Need-to-Know to Need-to-Share Streamline Your Current Data-centric Security Architecture Data Security State Data Security Current State Data Security Future State Data Silos The Convergence Is Continuing Data Lineage, Provenance, and Catalogs Catalogs Best-in-Class Companies Impact of Privacy Laws by Region Technologies That Help Operationalize Privacy Converging Platforms Hyperconverged Data Security Platform (HDSP) Privacy Impact Assessment Life Cycle API Management Life Cycle Application Programming Interface (API) Management Encrypting and Linking Transactions A Strategic Roadmap for Data Security Platforms Summary Notes Chapter 4: Vision and Roadmap Introduction Data Growth Estimated Terabytes of Data Worldwide, 2019–2024 Reframing Security Reframing the Security Practice Rethinking Technology Technologies That Help Operationalize Privacy Enterprise Low-Code Application Platforms Summary Notes Section II: Trust and Hybrid Cloud Chapter 5: Zero Trust and Hybrid Cloud Introduction What Is Zero Trust? ZTA is a Security Plan ZT Network Access (Software Defined Perimeter) Secure Access Service Edge (SASE) Secure Access Service Edge (details) Positioning of ZTA Zero Trust Architecture Traditional Perimeter Shortcomings Steps to Build a Zero Trust Model Tenets of Zero Trust Architecture Logical Components of Zero Trust Architecture Shortcomings Identity security Current state Policy Policy Engine (PE) Policy Administrator (PA) Role-Based Policy Enforcement Policy-Based Enforcement Shortcomings Identity Security Current State Drivers Secure Access Service Edge (SASE) Why This Is Important Firewall as a Service (FWaaS) Cloud Web Application and API Protection (WAAP) Sovereign Cloud Why This Is Important Zero Trust is the First Step to Gartner’s CARTA Shortcomings Identity Security Current State Steps to Build Gartner’s CARTA Policy Open Policy Agent NSTAC, Zero Trust, and NIST 800-207 Microsegmentation Is Essential for Zero Trust Private Networks Remote Workforce Security and Ease of Use Zero Trust Maturity Model Zero Trust Maturity Model using Three Stages Pillar #5 Data Zero Trust Maturity Model Stages and Descriptions Zero Trust Maturity Model Summary Zero Trust Maturity Model for Data Technologies for Data Privacy in ZTA Migrating to Public Cloud Data Security for Hybrid Cloud Easier Segmentation That Starts with a Map Vendors for Zero Trust Network Access Market Direction Private Set Intersection Summary Notes Chapter 6: Data Protection for Hybrid Cloud Introduction Use Cases for Data Use and Data Sharing Healthcare Use Cases Financial Services Use Cases for Data Use Financial Services Use Cases Data Generation Confidence in the Cloud Continues to Grow Immutable Infrastructure Drivers Container and Kubernetes Security Drivers User Recommendations Cloud Security Posture Management Enterprise Key Management Drivers Obstacles Mitigate Data Security and Privacy Risks Identity-based Segmentation Drivers Obstacles Practical Guidance for Cloud Computing NIST Cloud Computing Reference Architecture Assessing the Risks Five Sub-Steps for Data Residency Management Security in the Cloud Service Agreements Critical Controls for SaaS Data Encryption Healthcare Standards Cloud Databases Mistakes in Multi-Cloud Environments Top Three Mistakes in Multi-Cloud Environments Hybrid Cloud DataBase Proxy Summary of Keys to Success Security for Cloud Computing A Cloud Security Assessment to assess the security capabilities of cloud providers Architecture for Encryption as a Service Data in the Cloud Policy and Enforcement Key Management Enterprisewide Encryption Key Management (EKM) Key Management Administration Bring Your Own Key Data Security Governance Cloud Key Management Keys, Key Versions, and Key Rings Key Hierarchy Cloud KMS Platform Overview Cloud KMS Platform Architectural Details Master Keys Data Residency Random Number Generation and Entropy Cloud KMS HSM Backend: HARDWARE Protection Level Cavium HSMs HSM Key Hierarchy Datastore Protection Cloud KMS: Key Import Lifecycle of a Request Cloud Access Security Brokers (CASBs) Platforms Summary Notes Chapter 7: Web 3.0 and Data Security Introduction Oracle Contracts Security Tools Embedded in the Smart Contract Development Life Cycle (DevSecOps) Smart Contract Development Lifecycle Secure Smart Contract Development Lifecycle (SSCDL) Private Data and Removal of Peers A Distributed Hash Table (DHT) Web History of the Web What Are dApps and Web3 apps? Distributed Tables Kademlia Is a Distributed Hash Table Blockchain-Based Applications Smart Contracts of Web3 apps Ethereum JavaScript API Dapp With Web3.js Clients Different Implementations OpenEthereum Overview of Strategies What Are Nodes and Clients? Decentralized Applications (DApps) Smart Contracts and DeFi DApps and Web3 Decentralized Finance (DeFi) NAP—A True Cross-blockchain Token Web3 Storage IPFS Storj Blockchains in the Quantum Era Storing Private Keys Summary Notes Section III: Data Quality Chapter 8: Metadata and The Provenance of Data Introduction Data Classification Discover, Understand, and Leverage All Your Enterprise Data Why You Need a Catalog of Catalogs? Data Intelligence A Data Marketplace Data Monetization Build a Metadata Repository Sensitive Data Mapping Discovering and Understanding Relevant Data AI and Data Lineage Cloud Modernization Customer Experience Change Management and Impact Analysis Operational Efficiency Data Security Data Governance An AI-Powered Data Catalog Essential Capabilities Data Mesh Layers Consent and Preference Management Platforms Why This Is Important Metadata Some Vendors Alibaba Cloud AWS Azure Google Cloud IBM The Provenance of Data Provenance Sketches Matrix Filter SPADE’s Use of Matrix Filters Differentially Private Synthetic Data Use Cases and Utility Differently Private Synthetic Data Generating Synthetic Data Software Tools: Marginal Distributions Data Sanitization Summary Notes Chapter 9: Data Security and Quality Introduction Data Quality Models Cell-Oriented General-Purpose Models Attribute-Oriented General-Purpose Models Record-Oriented General-Purpose Models Entropy-Based Model: This Model Has Been Proposed Here Transformation Models Data Quality Data Quality Solutions Storing Data Distributed File Systems and Object Storage Data Fabric Data Governance in Support of Data Mesh Privacy-Enhancing Computation ARX Data Anonymization Tool k-Anonymity k-Map Average Risk Population Uniqueness Sample Uniqueness l-Diversity t-Closeness δ-Disclosure Privacy β-Likeness δ-Presence Profitability Differential Privacy Production Data Nonproduction Data Data Warehousing and Analytics Data Sharing and Publishing Regulatory Compliance Use Tokenization and Format-preserving Encryption Data Field Secrecy, Privacy, and Utility Data Deidentification Architecture Choices Static Data Masking Tokenization and FPE Designs Can Be Implemented in Several Ways Design with Deidentification Limits in Mind Choose the Right Fields and Techniques to Protect Them The Science of Reidentifying Data Attacks on Privacy Deidentification Technique Choices Secure Multiparty Computation (SMPC) Barriers Homomorphic Encryption (HE) Reason This Is Relevant Operational Impact Requirements Barriers Guidance Summary Notes Chapter 10: Analytics, Data Lakes, and Federated Learning Introduction Use Cases for Data Analytics Financial Services Use Cases for Data Analytics and Data Sharing Healthcare Use Cases for Data Generation and Data Analytics Data and Analytics (D&A) Risks Auto Anonymization Auto Anonymization Based on ML Big Data and Analytics Cloud Customer Architecture for Big Data and Analytics Data Lake Architecture Best Practices Data Governance Data Catalog A Data Fabric Data and Governance Data Governance Data Quality Data Catalog Data Security Data Sharing Design Patterns for Security Auditing Access and Authorization Controls Sharing by Reference Federated Learning Summary Notes Chapter 11: Summary Glossary Notes Appendix A: The 2030 Environment Introduction Some Eras in Data Security Quantum Computing and Quantum Cryptography Any major breakthroughs Quantum Threat Solution Summary Data Protection Inventory Fields Testing Quantum Threat and Project Summary Notes Appendix B: Synthetic Data and Differential Privacy Introduction Synthetic Data Generating Microdata Artificially Randomization Techniques General Noise Addition Permutation Microaggregation Sampling Disruptions using Technology Innovation Synthetic Data in A.I. Description Benefits and Uses Benefits Risks Alternatives Sythesizing Data A Broad Definition of PETs Differential privacy Summary Notes Appendix C: API Security Introduction What You Need to Do to Protect Your APIs Recommendations Adopt a Continuous Approach to API Security Use a Distributed Enforcement Model to Protect APIs across Your Entire Confidence in Cloud Continues to Grow Obstacles APIs Are the Mechanism for Data Access What Mechanisma Do You Use to Document and Inventory Your API? Best Practices for API Discovery and Cataloging Security Testing Best Practices for Security Testing Include API Mediation and Architecture Best Practices for API Mediation and Architecture Include Data Security Best Practices for Data Security Include Best Practices for Authentication and Authorization Include Immutable Infrastructure Summary Notes Appendix D: Blockchain Architecture and Zero-Knowledge Proof Introduction Reduce Operational Costs and Friction Cloud Customer Architecture for Blockchain Blockchain Basics High-Level View of a Blockchain Components of a Blockchain Runtime Flow Security Decentralized Identity (DCI) Zero-knowledge Proofs (ZKPs) How Blockchain Technology Works–Asymmetric Encryption Overview of a Blockchain–Workflow Sharding and Pruning Security Risks to Blockchain Ecosystems Problem Areas Problem Area 1 Challenge–Smart Contract Security Challenge–Consensus Protocol Security Solution Areas Secure Transaction Ledgers A Zero-knowledge Proof Requires Three Properties Applications SNARKs vs STARKs SNARKs STARKs Smart Contracts Marketplace Blockchain with Private Data Running Medical Studies Detecting Insurance Fraud Solution Data Encrypted with Multiple Keys Secure Multiparty Computation Data Encrypted with Their Own Secret Key Smart Contracts Business Objectives of Smart Contract Who Are Your End Users? Does Your Smart Contract Transact Currency? Does Your Smart Contract Transfer Asset Titles? Smart Contract Layer’s Interaction with Other Architectural Layers Hyperledger Frameworks Supporting Smart Contracts Threat Modeling What Is Threat Modeling? Why Create a Threat Model? Threat Modeling Basics Define Business Objectives/Requirements Define the Scope of Threat Model Coverage Identify Weaknesses, Vulnerabilities, and Threats Analyze risk and impact Be Aware of Blockchain Properties Common Hyperledger Smart Contract Security Patterns and Vulnerabilities A Closer Look at Two of the Vulnerabilities: #1 Updates Using Rich Queries – Also Referred to as “Range Query Risk” Countermeasures #2 Pseudorandom Number Generator Countermeasures Centralized Oracles I.B.M.’s Blockchain-Based Vaccine Passport Summary Notes Appendix E: Data Governance Tools Introduction Risk Assessment Data Risk Assessment Operational Relevance Requirements Barriers Risks Assessment Financial Data Risk Assessment (FinDRA) Requirements Barriers Privacy Impact Assessments (PIAs) Requirements Barriers Guidance Framework to Balance Business Needs and Risks Recommendations Data Classification Impact Requirements Barriers Privacy Management Tools Importance Operational Impact Barriers Guidance Ensuring Protection of Your Data Encryption Complexity Measure Risk Measure Re-Identification Risk in Structured Data Popular Features Risk Tools Subject Rights Requests (SRRs) Why This Is Important Summary Notes Index
دانلود کتاب Controlling Privacy and the Use of Data Assets - Volume 2 : What Is the New World Currency – Data or Trust?