Book Image

Cybersecurity and Privacy Law Handbook

By : Walter Rocchi
5 (1)
Book Image

Cybersecurity and Privacy Law Handbook

5 (1)
By: Walter Rocchi

Overview of this book

Cybercriminals are incessantly coming up with new ways to compromise online systems and wreak havoc, creating an ever-growing need for cybersecurity practitioners in every organization across the globe who understand international security standards, such as the ISO27k family of standards. If you’re looking to ensure that your company's data conforms to these standards, Cybersecurity and Privacy Law Handbook has got you covered. It'll not only equip you with the rudiments of cybersecurity but also guide you through privacy laws and explain how you can ensure compliance to protect yourself from cybercrime and avoid the hefty fines imposed for non-compliance with standards. Assuming that you're new to the field, this book starts by introducing cybersecurity frameworks and concepts used throughout the chapters. You'll understand why privacy is paramount and how to find the security gaps in your company's systems. There's a practical element to the book as well—you'll prepare policies and procedures to prevent your company from being breached. You’ll complete your learning journey by exploring cloud security and the complex nature of privacy laws in the US. By the end of this cybersecurity book, you'll be well-placed to protect your company's data and comply with the relevant standards.

Related Content you might be interested in

Current Title:

Small book image
Cybersecurity and Privacy Law Handbook
Walter Rocchi
Dec, 2022 | 230 pages
Small book image
Mastering Information Security Compliance Management
Greeshma M R | Adarsh Nair
Aug, 2023 | 236 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Start From the Basics
Part 1: Start From the Basics
Free Chapter
2
Chapter 1: ISO27001 – Definitions and Security Concepts
Chapter 1: ISO27001 – Definitions and Security Concepts
The 27k family of standards
Confidentiality, integrity, and availability
Information security concepts and definitions
Governance, policies, and incident management
Differences between ISO 27001 and NIST
Summary
3
Part 2: Into the Wild
Part 2: Into the Wild
4
Chapter 2: Mandatory Requirements
Chapter 2: Mandatory Requirements
iSMS, controls, commitment, context, scope policy, and objectives
Identify, Protect, Detect, Respond, and Recover
Can ISO 27001 and NIST coexist?
Summary
5
Chapter 3: Data Protection
Chapter 3: Data Protection
What is privacy (and why do we desperately need it)?
GDPR and his brothers
Why deal with data protection?
The six principles of the GDPR
Summary
6
Chapter 4: Data Processing
Chapter 4: Data Processing
The data controller
The data processor
Accountability
EU–US Privacy Shield
Summary
7
Chapter 5: Security Planning and Risk Management
Chapter 5: Security Planning and Risk Management
Security threats and challenges
Implementing a risk management program
Summary
8
Part 3: Escape from Chaos
Part 3: Escape from Chaos
9
Chapter 6: Define ISO 27001 Mandatory Requirements
Chapter 6: Define ISO 27001 Mandatory Requirements
ISO 27001 operations
ISO 27001 support requirements (or Clause 7)
Summary
10
Chapter 7: Risk Management, Controls, and Policies
Chapter 7: Risk Management, Controls, and Policies
Elements of project risk management
Data classification
ISO 27001 controls
Summary
11
Chapter 8: Preparing Policies and Procedures to Avoid Internal Risk
Chapter 8: Preparing Policies and Procedures to Avoid Internal Risk
Company policies
Policy writing instructions
Company procedures
Summary
12
Chapter 9: Social Engineering, Password Guidance, and Policy
Chapter 9: Social Engineering, Password Guidance, and Policy
The starting point
Common social engineering attack methods
Have you got a M.A.P.P.?
Summary
13
Chapter 10: The Cloud
Chapter 10: The Cloud
How did the cloud emerge?
The seven pain points of cloud computing
Cloud and GDPR concerns
The GDPR code of conduct for CSPs
Summary
14
Chapter 11: What about the US?
Chapter 11: What about the US?
The US status of privacy
The FTC
An overview of Section 5 of the FTC Act
NIST and FTC
BYOD
Remote working
What privacy rights are available to employees?
Summary
15
Index
Index
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix
Appendix
ISO 27002
Privacy
VA/PT

Have you got a M.A.P.P.?

What exactly is a M.A.P.P.? It is an abbreviation for Mitigation and Prevention Plan. Now, we will understand the meaning of M.A.P.P. We need one of these to prevent and prepare for social engineering attacks. You can easily set up a M.A.P.P. by following these four steps:

  • Learn how to recognize social engineering attacks (by creating a team of professional and requesting a third-party company, able to simulate social engineering attacks, to create a real-world scenario)
  • Develop realistic and implementable policies
  • Conduct periodic real-world audits
  • Implement applicable security awareness programs

Step 1 – learn how to recognize social engineering attacks

Although this first step seems obvious, it is not. How many individuals in your organization are able to define phishing, vishing, smishing, and impersonation attacks? How many people do you believe are aware of how risky it is for an attacker to get the identity of your...

Previous Section
End of Section 4
Next Section