Privacy and data protection Books
Edward Elgar Publishing Ltd GDPR for Startups and Scaleups
Table of Contents:
Foreword I by Adam Mitton; Foreword II by Ingrid Ødegaard; 1 GDPR for startups and scaleups: an introduction
SETTING THE SCENE AND KEY CONCEPTS; 2 Setting the scene and key concepts
BEFORE YOU START YOUR DATA PROTECTION PROGRAMME; 3 Before you start your data protection programme
PHASE 1: FOUNDATIONS OF YOUR DATA PROTECTION PROGRAMME; 4 Data protection user experience (UX); 5 Data maps and records of processing activity; 6 Administrative matters; 7 Respecting people’s rights; 8 Marketing
PHASE 2: DEVELOPING YOUR DATA PROTECTION PROGRAMME; 9 International transfers of personal data; 10 Data incidents and breaches; 11 Accountability, assessments and record keeping; 12 Cookies, pixels and tracking technologies; 13 Contract negotiations; 14 Online advertising
ADDITIONAL MATTERS TO CONSIDER AND FINAL THOUGHTS; 15 Additional matters to consider; 16 Final thoughts
Index
£52.25
Edward Elgar Publishing Ltd Identified Tracked and Profiled
Trade Review: ‘Facial recognition technologies (FRT) are spreading rapidly worldwide, and have become embedded in numerous everyday government and corporate practices. This widespread adoption has prompted extensive criticism, particularly from civil society groups concerned about human rights abuses and discriminatory impacts for marginalized and vulnerable communities. In Identified, Tracked, and Profiled, Peter Dauvergne provides a much-needed and thoroughly comprehensive overview of the regulatory issues and policy disputes around FRT. This book is essential reading for those interested in political contests over our changing digital landscape.’ -- Ron Deibert, University of Toronto, Canada
Table of Contents:
PART I INTRODUCTION; 1. Introducing facial recognition technology; 2. Resisting the normalization of facial recognition
PART II REINING IN FACIAL RECOGNITION TECHNOLOGY; 3. The movement to oppose facial recognition; 4. The politics of facial recognition bans in the United States; 5. Regulating facial recognition in the United States; 6. Rising global opposition to face surveillance
PART III THE GLOBAL POLITICAL ECONOMY OF FACIAL RECOGNITION; 7. The corporate politics of facial recognition; 8. The everyday politics of facial recognition in China; 9. The globalization of facial recognition technology
PART IV CONCLUSIONS; 10. The future of facial recognition technology
Appendix: interviews; Index
£19.90
Cambridge University Press The Privacy Fallacy
Book Synopsis: Explains how privacy laws are overridden by technology companies and how they can be improved. Drawing from behavioral science, psychology, sociology, and economics, the book dispels misconceptions that trap us into ineffective approaches to growing digital harms. It then develops solutions based on corporate accountability.
Trade Review:
'To protect privacy in the digital age, Ignacio Cofone argues, we must rethink privacy harms. These harms are social and systemic as well as individual, and they will not be remedied by market and contractual approaches. This beautifully written book is an excellent introduction to problems of digital exploitation that affect everyone.' Jack Balkin, Yale Law School
'Why are privacy rules failing us when we need them the most? In this superb book, Ignacio Cofone expertly threads together privacy law's many missteps and proposes a way forward that doesn't rest on myths and misconceptions. The Privacy Fallacy clearly and effectively stakes out an essential turning point for lawmakers and society: We either commit to holding companies liable for the full range of harms they cause, or we continue to indulge in the fantasy that privacy can be individually negotiated and that our laws have it under control.' Woodrow Hartzog, Boston University
'With the rigor of an economist and the heart of a humanist, Cofone explores why privacy law has been disappointingly powerless in today's data-driven society. He proposes a new understanding of privacy harm to ground a more effective liability regime. A clear and engaging read for experts and interested laypeople alike!' Katherine J. Strandburg, New York University School of Law
Table of Contents: Introduction; 1. The traditionalist approach to privacy; 2. The privacy myths: rationality and apathy; 3. The consent illusion; 4. Manipulation by design; 5. Traditionalist data protection rules; 6. Pervasive data harms; 7. Privacy as corporate accountability; Conclusion.
£29.99
John Wiley & Sons Inc Social Engineering
Table of Contents:
Acknowledgments; Foreword; Preface
1 A Look into the New World of Professional Social Engineering; What Has Changed?; Why Should You Read This Book?; An Overview of Social Engineering; The SE Pyramid; What’s in This Book?; Summary
2 Do You See What I See?; A Real-World Example of Collecting OSINT; Nontechnical OSINT; Tools of the Trade; Summary
3 Profiling People Through Communication; The Approach; Enter the DISC; Summary
4 Becoming Anyone You Want to Be; The Principles of Pretexting; Summary
5 I Know How to Make You Like Me; The Tribe Mentality; Building Rapport as a Social Engineer; The Rapport Machine; Summary
6 Under the Influence; Principle One: Reciprocity; Principle Two: Obligation; Principle Three: Concession; Principle Four: Scarcity; Principle Five: Authority; Principle Six: Consistency and Commitment; Principle Seven: Liking; Principle Eight: Social Proof; Influence vs. Manipulation; Summary
7 Building Your Artwork; The Dynamic Rules of Framing; Elicitation; Summary
8 I Can See What You Didn’t Say; Nonverbals Are Essential; All Your Baselines Belong to Us; Understand the Basics of Nonverbals; Comfort vs. Discomfort; Summary
9 Hacking the Humans; An Equal Opportunity Victimizer; The Principles of the Pentest; Phishing; Vishing; SMiShing; Impersonation; Reporting; Top Questions for the SE Pentester; Summary
10 Do You Have a M.A.P.P.?; Step 1: Learn to Identify Social Engineering Attacks; Step 2: Develop Actionable and Realistic Policies; Step 3: Perform Regular Real-World Checkups; Step 4: Implement Applicable Security-Awareness Programs; Tie It All Together; Gotta Keep ’Em Updated; Let the Mistakes of Your Peers Be Your Teacher; Create a Security Awareness Culture; Summary
11 Now What?; Soft Skills for Becoming an Social Engineer; Technical Skills; Education; Job Prospects; The Future of Social Engineering
Index
£23.20
John Wiley & Sons Inc Data Privacy and GDPR Handbook
Book Synopsis: The definitive guide for ensuring data privacy and GDPR compliance. Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA) while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance. The Data Pr
Table of Contents:
1 Origins and Concepts of Data Privacy; 1.1 Questions and Challenges of Data Privacy; 1.1.1 But Cupid Turned Out to Be Not OK; 1.2 The Conundrum of Voluntary Information; 1.3 What is Data Privacy?; 1.3.1 Physical Privacy; 1.3.2 Social Privacy Norms; 1.3.3 Privacy in a Technology-Driven Society; 1.4 Doctrine of Information Privacy; 1.4.1 Information Sharing Empowers the Recipient; 1.4.2 Monetary Value of Individual Privacy; 1.4.3 “Digital Public Spaces”; 1.4.4 A Model Data Economy; 1.5 Notice-and-Choice versus Privacy-as-Trust; 1.6 Notice-and-Choice in the US; 1.7 Enforcement of Notice-and-Choice Privacy Laws; 1.7.1 Broken Trust and FTC Enforcement; 1.7.2 The Notice-and-Choice Model Falls Short; 1.8 Privacy-as-Trust: An Alternative Model; 1.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission; 1.9.1 Facebook as an Example; 1.10 Additional Challenges in the Era of Big Data and Social Robots; 1.10.1 What is a Social Robot?; 1.10.2 Trust and Privacy; 1.10.3 Legal Framework for Governing Social Robots; 1.11 The General Data Protection Regulation (GDPR); 1.12 Chapter Overview; Notes
2 A Brief History of Data Privacy; 2.1 Privacy as One’s Castle; 2.1.1 Individuals’ “Castles” Were Not Enough; 2.2 Extending Beyond the “Castle”; 2.3 Formation of Privacy Tort Laws; 2.3.1 A Privacy Tort Framework; 2.4 The Roots of Privacy in Europe and the Commonwealth; 2.5 Privacy Encroachment in the Digital Age; 2.5.1 Early Digital Privacy Laws Were Organic; 2.5.2 Growth in Commercial Value of Individual Data; 2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy; 2.7 Emergence of Economic Value of Individual Data for Digital Businesses; 2.7.1 The Shock of the 9/11 Attacks Affected Privacy Protection Initiatives; 2.7.2 Surveillance and Data Collection Was Rapidly Commercialized; 2.7.3 Easing of Privacy Standards by the NSA Set the Tone at the Top; 2.8 Legislative Initiatives to Protect Individuals’ Data Privacy; 2.9 The EU Path; 2.9.1 The Internet Rights Revolution; 2.9.2 Social Revolutions; 2.10 End of the Wild West?; 2.11 Data as an Extension of Personal Privacy; 2.12 Cambridge Analytica: A Step Too Far; 2.13 The Context of Privacy in Law Enforcement; Summary; Notes
3 GDPR’s Scope of Application; 3.1 When Does GDPR Apply?; 3.1.1 “Processing” of Data; 3.1.2 “Personal Data”; 3.1.3 Exempted Activities under GDPR; 3.2 The Key Players under GDPR; 3.3 Territorial Scope of GDPR; 3.3.1 Physical Presence in the EU; 3.3.2 Processing Done in the Context of the Activities; 3.3.3 Users Based in the EU; 3.3.4 “Time of Stay” Standard; 3.4 Operation of Public International Law; Notes
4 Technical and Organizational Requirements under GDPR; 4.1 Accountability; 4.2 The Data Controller; 4.2.1 Responsibilities of the Controller; 4.2.2 Joint Controllers and Allocating Liability; 4.2.3 The Duty to Cooperate with the SA; 4.3 Technical and Organizational Measures; 4.3.1 Maintain a Data-Protection Level; 4.3.2 Minimum Requirements for Holding a Data Protection Level; 4.3.3 Weighing the Risks; 4.3.4 The Network and Information Systems Directive; 4.4 Duty to Maintain Records of Processing Activities; 4.4.1 Content of Controller’s Records; 4.4.2 Content of Processor’s Records; 4.4.3 Exceptions to the Duty; 4.5 Data Protection Impact Assessments; 4.5.1 Types of Processing That Require DPIA; 4.5.2 Scope of Assessment; 4.5.3 Business Plan Oversight; 4.6 The Data Protection Officer; 4.6.1 Designation of DPO; 4.6.2 Qualifications and Hiring a DPO; 4.6.3 Position of the DPO; 4.6.4 Tasks of the DPO; 4.6.5 An Inherent Conflict of Interest?; 4.6.6 DPO Liability; 4.7 Data Protection by Design and Default; 4.7.1 Data Protection at the Outset; 4.7.2 Balancing the Amount of Protection; 4.7.3 Applying Data Protection by Design; 4.7.4 Special Case: Blockchain Technology and GDPR; 4.8 Data Security during Processing; 4.8.1 Data Security Measures; 4.8.2 Determining the Risk Posed; 4.8.3 Data Protection Management Systems: A “Technical and Organizational Measure”; 4.9 Personal Data Breaches; 4.9.1 Overview of Data Breaches; 4.9.2 The Controller’s Duty to Notify; 4.9.3 Controller’s Duty to Communicate the Breach to Data Subjects; 4.10 Codes of Conduct and Certifications; 4.10.1 Purpose and Relationship under GDPR; 4.10.2 Codes of Conduct; 4.10.3 Certification; 4.11 The Data Processor; 4.11.1 Relationship between Processor and Controller; 4.11.2 Responsibilities of Controller in Selecting a Processor; 4.11.3 Duties of the Processor; 4.11.4 Subprocessors; Notes
5 Material Requisites for Processing under GDPR; 5.1 The Central Principles of Processing; 5.1.1 Lawful, Fair, and Transparent Processing of Data; 5.1.2 Processing Limited to a “Purpose”; 5.1.3 Data Minimization and Accuracy; 5.1.4 Storage of Data; 5.1.5 Integrity and Confidentiality of the Operation; 5.2 Legal Grounds for Data Processing; 5.2.1 Processing Based on Consent; 5.2.2 Processing Based on Legal Sanction; 5.2.3 Changing the Processing “Purpose”; 5.2.4 Special Categories of Data; 5.3 International Data Transfers; 5.3.1 Adequacy Decisions and “Safe” Countries; 5.3.2 Explicit Consent; 5.3.3 Standard Contractual Clauses; 5.3.4 The EU–US Privacy Shield; 5.3.5 Binding Corporate Rules; 5.3.6 Transfers Made with or without Authorization; 5.3.7 Derogations; 5.3.8 Controllers Outside of the EU; 5.4 Intragroup Processing Privileges; 5.5 Cooperation Obligation on EU Bodies; 5.6 Foreign Law in Conflict with GDPR; Notes
6 Data Subjects’ Rights; 6.1 The Controller’s Duty of Transparency; 6.1.1 Creating the Modalities; 6.1.2 Facilitating Information Requests; 6.1.3 Providing Information to Data Subjects; 6.1.4 The Notification Obligation; 6.2 The Digital Miranda Rights; 6.2.1 Accountability Information; 6.2.2 Transparency Information; 6.2.3 Timing; 6.2.4 Defenses for Not Providing Information; 6.3 The Right of Access; 6.3.1 Accessing Personal Data; 6.3.2 Charging a “Reasonable Fee”; 6.4 Right of Rectification; 6.4.1 Inaccurate Personal Data; 6.4.2 Incomplete Personal Data; 6.4.3 Handling Requests; 6.5 Right of Erasure; 6.5.1 Development of the Right; 6.5.2 The Philosophical Debate; 6.5.3 Circumstances for Erasure under GDPR; 6.5.4 Erasure of Personal Data Which Has Been Made Public; 6.5.5 What is “Erasure” of Personal Data?; 6.5.6 Exceptions to Erasure; 6.6 Right to Restriction; 6.6.1 Granting Restriction; 6.6.2 Exceptions to Restriction; 6.7 Right to Data Portability; 6.7.1 The Format of Data and Requirements for Portability; 6.7.2 Business Competition Issues; 6.7.3 Intellectual Property Issues; 6.7.4 Restrictions on Data Portability; 6.8 Rights Relating to Automated Decision Making; 6.8.1 The Right to Object; 6.8.2 Right to Explanation; 6.8.3 Profiling; 6.8.4 Exceptions; 6.8.5 Special Categories of Data; 6.9 Restrictions on Data Subject Rights; 6.9.1 Nature of Restrictions Placed; 6.9.2 The Basis of Restrictions; Notes
7 GDPR Enforcement; 7.1 In-House Mechanisms; 7.1.1 A Quick Review; 7.1.2 Implementing an Internal Rights Enforcement Mechanism; 7.2 Data Subject Representation; 7.2.1 Standing of NPOs to Represent Data Subjects; 7.2.2 Digital Rights Activism; 7.3 The Supervisory Authorities; 7.3.1 Role of Supervisory Authority; 7.3.2 The Members of the Supervisory Authority; 7.3.3 An Independent Body; 7.3.4 Professional Secrecy; 7.3.5 Competence of the Supervisory Authority; 7.3.6 Tasks of the Supervisory Authority; 7.3.7 Powers of the SA; 7.3.8 Cooperation and Consistency Mechanism; 7.3.9 GDPR Enforcement by Supervisory Authorities; 7.4 Judicial Remedies; 7.4.1 Judicial Action against the Controller or Processor; 7.4.2 Courts versus SA; Which is Better for GDPR Enforcement?; 7.4.3 Judicial Action against the Supervisory Authority; 7.4.4 Controller Suing the Data Subject?; 7.4.5 Suspending the Proceedings; 7.5 Alternate Dispute Resolution; 7.5.1 Is an ADR Arrangement Allowed under GDPR?; 7.5.2 ADR Arrangements; 7.5.3 Key Hurdles of Applying ADR to GDPR; 7.5.4 Suggestions for Implementing ADR Mechanisms; 7.6 Forum Selection Clauses; 7.7 Challenging the Existing Law; Notes
8 Remedies; 8.1 Allocating Liability; 8.1.1 Controller Alone Liable; 8.1.2 Processor Alone Liable; 8.1.3 Joint and Several Liabilities; 8.2 Compensation; 8.2.1 Quantifying “Full Compensation”; 8.2.2 Conflict in the Scope of “Standing” in Court; 8.3 Administrative Fines; 8.3.1 Fines for Regulatory Infringements; 8.3.2 Fines for Grave Infringements; 8.3.3 Determining the Quantum of the Fine; 8.4 Processing Injunctions; 8.4.1 Domestic Law; 8.4.2 The EU Injunction Directive; 8.4.3 The SA’s Power to Restrain Processing; 8.5 Specific Performance; Notes
9 Governmental Use of Data; 9.1 Member State Legislations; 9.2 Processing in the “Public Interest”; 9.2.1 What is Public Interest?; 9.2.2 Public Interest as a “Legal Basis” for Processing; 9.2.3 State Use of “Special” Data; 9.2.4 Processing Relating to Criminal Record Data; 9.3 Public Interest and the Rights of a Data Subject; 9.3.1 Erasure and Restriction of Data Processing; 9.3.2 Data Portability; 9.3.3 Right to Object; 9.3.4 Right to Explanation; 9.4 Organizational Exemptions and Responsibilities; 9.4.1 Representatives for Controllers Not within the EU; 9.4.2 General Impact Assessments in Lieu of a Data Protection Impact Assessment (DPIA); 9.4.3 Designation of a Data Protection Office (DPO); 9.4.4 Monitoring of Approved Codes of Conduct; 9.4.5 Third-Country Transfers; 9.5 Public Documents and Data; 9.5.1 The Network and Information Systems Directive; 9.5.2 Telemedia Data Protection; 9.5.3 National Identification Numbers; 9.6 Archiving; 9.7 Handling Government Subpoenas; 9.8 Public Interest Restrictions on GDPR; 9.9 Processing and Freedom of Information and Expression; 9.9.1 Journalism and Expression under GDPR; 9.9.2 Combating “Fake News” in the Modern Age; 9.10 State Use of Encrypted Data; 9.11 Employee Data Protection; 9.11.1 The Opening Clause; 9.11.2 Employment Agreements; 9.11.3 The German Betriebsrat; 9.11.4 The French “Comité d’enterprise”; Notes
10 Creating a GDPR Compliance Department; 10.1 Step 1: Establish a “Point Person”; 10.2 Step 2: Internal Data Audit; 10.3 Step 3: Budgeting; 10.4 Step 4: Levels of Compliance Needed; 10.4.1 Local Legal Standards; 10.4.2 Enhanced Legal Standards for International Data Transfers; 10.4.3 International Legal Standards; 10.4.4 Regulatory Standards; 10.4.5 Contractual Obligations; 10.4.6 Groups of Undertakings; 10.5 Step 5: Sizing Up the Compliance Department; 10.6 Step 6: Curating the Department to Your Needs; 10.6.1 “In-House” Employees; 10.6.2 External Industry Operators; 10.6.3 Combining the Resources; 10.7 Step 7: Bring Processor Partners into Compliance; 10.8 Step 8: Bring Affiliates into Compliance; 10.9 Step 9: The Security of Processing; 10.10 Step 10: Revamping Confidentiality Procedures; 10.11 Step 11: Record Keeping; 10.12 Step 12: Educate Employees on New Protocols; 10.13 Step 13: Privacy Policies and User Consent; 10.14 Step 14: Get Certified; 10.15 Step 15: Plan for the Worst Case Scenario; 10.16 Conclusion; Notes
11 Facebook: A Perennial Abuser of Data Privacy; 11.1 Social Networking as an Explosive Global Phenomenon; 11.2 Facebook is Being Disparaged for Its Data Privacy Practices; 11.3 Facebook Has Consistently Been in Violation of GDPR Standards; 11.4 The Charges against Facebook; 11.5 What is Facebook?; 11.6 A Network within the Social Network; 11.7 No Shortage of “Code of Conduct” Policies; 11.8 Indisputable Ownership of Online Human Interaction; 11.9 Social Networking as a Mission; 11.10 Underlying Business Model; 11.11 The Apex of Sharing and Customizability; 11.12 Bundling of Privacy Policies; 11.13 Covering All Privacy Policy Bases; 11.14 Claims of Philanthropy; 11.15 Mechanisms for Personal Data Collection; 11.16 Advertising: The Big Revenue Kahuna; 11.17 And Then There is Direct Marketing; 11.18 Our Big (Advertiser) Brother; 11.19 A Method to Snooping on Our Clicks; 11.20 What Do We Control (or Think We Do)?; 11.20.1 Ads Based on Data from FB Partners; 11.20.2 Ads Based on Activity on FB That is Seen Elsewhere; 11.20.3 Ads That Include Your Social Actions; 11.20.4 “Hiding” Advertisements; 11.21 Even Our Notifications Can Produce Revenue; 11.22 Extent of Data Sharing; 11.23 Unlike Celebrities, We Endorse without Compensation; 11.24 Whatever Happened to Trust; 11.25 And to Security of How We Live; 11.26 Who is Responsible for Security of Our Life Data?; 11.27 And Then There Were More; 11.28 Who is Responsible for Content?; 11.29 Why Should Content Be Moderated?; 11.30 There are Community Standards; 11.31 Process for Content Moderation; 11.31.1 Identifying and Determining Content Removal Requests; 11.32 Prospective Content Moderation “Supreme Court”; 11.33 Working with Governmental Regimes; 11.34 “Live” Censorship; 11.35 Disinformation and “Fake” News; 11.35.1 “Disinformation”; 11.35.2 False News Policy; 11.35.3 Fixing the “Fake News” Problem; 11.36 Conclusion; Notes
12 Facebook and GDPR; 12.1 The Lead Supervisory Authority; 12.2 Facebook nicht spricht Deutsch; 12.3 Where is the Beef? Fulfilling the Information Obligation; 12.4 Data Processing Purpose Limitation; 12.5 Legitimate Interests Commercial “Restraint” Needed; 12.6 Privacy by Design?; 12.7 Public Endorsement of Personalized Shopping; 12.8 Customizing Data Protection; 12.9 User Rights versus Facebook’s Obligations; 12.10 A Digital Blueprint and a GDPR Loophole; 12.11 Investigations Ahead; 12.12 Future Projects; Notes
13 The Future of Data Privacy; 13.1 Our Second Brain; 13.2 Utopian or Dystopian?; 13.3 Digital Empowerment: Leveling the Playing Field; Notes
Appendix: Compendium of Data Breaches; About the Authors; Index
£52.00
John Wiley & Sons Inc We Have Root
Table of Contents:
Introduction
1 Crime, Terrorism, Spying, and War; Cyberconflicts and National Security; Counterterrorism Mission Creep; Syrian Electronic Army Cyberattacks; The Limitations of Intelligence; Computer Network Exploitation vs Computer Network Attack; iPhone Encryption and the Return of the Crypto Wars; Attack Attribution and Cyber Conflict; Metal Detectors at Sports Stadiums; The Future of Ransomware
2 Travel and Security; Hacking Airplanes; Reassessing Airport Security
3 Internet of Things; Hacking Consumer Devices; Security Risks of Embedded Systems; Samsung Television Spies on Viewers; Volkswagen and Cheating Software; DMCA and the Internet of Things; Real-World Security and the Internet of Things; Lessons from the Dyn DDoS Attack; Regulation of the Internet of Things; Security and the Internet of Things; Botnets; IoT Cybersecurity: What’s Plan B?
4 Security and Technology; The NSA’s Cryptographic Capabilities; iPhone Fingerprint Authentication; The Future of Incident Response; Drone Self-Defense and the Law; Replacing Judgment with Algorithms; Class Breaks
5 Elections and Voting; Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes; The Security of Our Election Systems; Election Security; Hacking and the 2016 Presidential Election
6 Privacy and Surveillance; Restoring Trust in Government and the Internet; The NSA is Commandeering the Internet; Conspiracy Theories and the NSA; How to Remain Secure against the NSA; Air Gaps; Why the NSA’s Defense of Mass Data Collection Makes No Sense; Defending Against Crypto Backdoors; A Fraying of the Public/Private Surveillance Partnership; Surveillance as a Business Model; Finding People’s Locations Based on Their Activities in Cyberspace; Surveillance by Algorithm; Metadata = Surveillance; Everyone Wants You to Have Security, But Not from Them; Why We Encrypt; Automatic Face Recognition and Surveillance; The Internet of Things that Talk about You behind Your Back; Security vs Surveillance; The Value of Encryption; Congress Removes FCC Privacy Protections on Your Internet Usage; Infrastructure Vulnerabilities Make Surveillance Easy
7 Business and Economics of Security; More on Feudal Security; The Public/Private Surveillance Partnership; Should Companies Do Most of Their Computing in the Cloud?; Security Economics of the Internet of Things
8 Human Aspects of Security; Human-Machine Trust Failures; Government Secrecy and the Generation Gap; Choosing Secure Passwords; The Human Side of Heartbleed; The Security of Data Deletion; Living in a Code Yellow World; Security Design: Stop Trying to Fix the User; Security Orchestration and Incident Response
9 Leaking, Hacking, Doxing, and Whistleblowing; Government Secrets and the Need for Whistleblowers; Protecting Against Leakers; Why the Government Should Help Leakers; Lessons from the Sony Hack; Reacting to the Sony Hack; Attack Attribution in Cyberspace; Organizational Doxing; The Security Risks of Third-Party Data; The Rise of Political Doxing; Data is a Toxic Asset; Credential Stealing as an Attack Vector; Someone is Learning How to Take Down the Internet; Who is Publishing NSA and CIA Secrets, and Why?; Who are the Shadow Brokers?; On the Equifax Data Breach
10 Security, Policy, Liberty, and Law; Our Newfound Fear of Risk; Take Back the Internet; The Battle for Power on the Internet; How the NSA Threatens National Security; Who Should Store NSA Surveillance Data?; Ephemeral Apps; Disclosing vs Hoarding Vulnerabilities; The Limits of Police Subterfuge; When Thinking Machines Break the Law; The Democratization of Cyberattack; Using Law against Technology; Decrypting an iPhone for the FBI; Lawful Hacking and Continuing Vulnerabilities; The NSA is Hoarding Vulnerabilities; WannaCry and Vulnerabilities; NSA Document Outlining Russian Attempts to Hack Voter Rolls; Warrant Protections against Police Searches of Our Data
References
£13.59
John Wiley & Sons Inc Ransomware Protection Playbook
Book Synopsis: Avoid becoming the next ransomware victim by taking practical steps today. Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day. In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks. In addition to walking you through the necessary technical preventative measures, this critical book will show you how to: Quickly detect an attack, limit the damage, and decide whether to pay the ransom; Implement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damage; Lay down a secure foundation of cybersecurit
Table of Contents:
Acknowledgments; Introduction
Part I: Introduction
Chapter 1: Introduction to Ransomware; How Bad is the Problem?; Variability of Ransomware Data; True Costs of Ransomware; Types of Ransomware; Fake Ransomware; Immediate Action vs. Delayed; Automatic or Human-Directed; Single Device Impacts or More; Ransomware Root Exploit; File Encrypting vs. Boot Infecting; Good vs. Bad Encryption; Encryption vs. More Payloads; Ransomware as a Service; Typical Ransomware Process and Components; Infiltrate; After Initial Execution; Dial-Home; Auto-Update; Check for Location; Initial Automatic Payloads; Waiting; Hacker Checks C&C; More Tools Used; Reconnaissance; Readying Encryption; Data Exfiltration; Encryption; Extortion Demand; Negotiations; Provide Decryption Keys; Ransomware Goes Conglomerate; Ransomware Industry Components; Summary
Chapter 2: Preventing Ransomware; Nineteen Minutes to Takeover; Good General Computer Defense Strategy; Understanding How Ransomware Attacks; The Nine Exploit Methods All Hackers and Malware Use; Top Root-Cause Exploit Methods of All Hackers and Malware; Top Root-Cause Exploit Methods of Ransomware; Preventing Ransomware; Primary Defenses; Everything Else; Use Application Control; Antivirus Prevention; Secure Configurations; Privileged Account Management; Security Boundary Segmentation; Data Protection; Block USB Keys; Implement a Foreign Russian Language; Beyond Self-Defense; Geopolitical Solutions; International Cooperation and Law Enforcement; Coordinated Technical Defense; Disrupt Money Supply; Fix the Internet; Summary
Chapter 3: Cybersecurity Insurance; Cybersecurity Insurance Shakeout; Did Cybersecurity Insurance Make Ransomware Worse?; Cybersecurity Insurance Policies; What’s Covered by Most Cybersecurity Policies; Recovery Costs; Ransom; Root-Cause Analysis; Business Interruption Costs; Customer/Stakeholder Notifications and Protection; Fines and Legal Investigations; Example Cyber Insurance Policy Structure; Costs Covered and Not Covered by Insurance; The Insurance Process; Getting Insurance; Cybersecurity Risk Determination; Underwriting and Approval; Incident Claim Process; Initial Technical Help; What to Watch Out For; Social Engineering Outs; Make Sure Your Policy Covers Ransomware; Employee’s Mistake Involved; Work-from-Home Scenarios; War Exclusion Clauses; Future of Cybersecurity Insurance; Summary
Chapter 4: Legal Considerations; Bitcoin and Cryptocurrencies; Can You Be in Legal Jeopardy for Paying a Ransom?; Consult with a Lawyer; Try to Follow the Money; Get Law Enforcement Involved; Get an OFAC License to Pay the Ransom; Do Your Due Diligence; Is It an Official Data Breach?; Preserve Evidence; Legal Defense Summary; Summary
Part II: Detection and Recovery
Chapter 5: Ransomware Response Plan; Why Do Response Planning?; When Should a Response Plan Be Made?; What Should a Response Plan Include?; Small Response vs. Large Response Threshold; Key People; Communications Plan; Public Relations Plan; Reliable Backup; Ransom Payment Planning; Cybersecurity Insurance Plan; What It Takes to Declare an Official Data Breach; Internal vs. External Consultants; Cryptocurrency Wallet; Response; Checklist; Definitions; Practice Makes Perfect; Summary
Chapter 6: Detecting Ransomware; Why is Ransomware So Hard to Detect?; Detection Methods; Security Awareness Training; AV/EDR Adjunct Detections; Detect New Processes; Anomalous Network Connections; New, Unexplained Things; Unexplained Stoppages; Aggressive Monitoring; Example Detection Solution; Summary
Chapter 7: Minimizing Damage; Basic Outline for Initial Ransomware Response; Stop the Spread; Power Down or Isolate Exploited Devices; Disconnecting the Network; Disconnect at the Network Access Points; Suppose You Can’t Disconnect the Network; Initial Damage Assessment; What is Impacted?; Ensure Your Backups Are Still Good; Check for Signs of Data and Credential Exfiltration; Check for Rogue Email Rules; What Do You Know About the Ransomware?; First Team Meeting; Determine Next Steps; Pay the Ransom or Not?; Recover or Rebuild?; Summary
Chapter 8: Early Responses; What Do You Know?; A Few Things to Remember; Encryption is Likely Not Your Only Problem; Reputational Harm May Occur; Firings May Happen; It Could Get Worse; Major Decisions; Business Impact Analysis; Determine Business Interruption Workarounds; Did Data Exfiltration Happen?; Can You Decrypt the Data Without Paying?; Ransomware is Buggy; Ransomware Decryption Websites; Ransomware Gang Publishes Decryption Keys; Sniff a Ransomware Key Off the Network?; Recovery Companies Who Lie About Decryption Key Use; If You Get the Decryption Keys; Save Encrypted Data Just in Case; Determine Whether the Ransom Should Be Paid; Not Paying the Ransom; Paying the Ransom; Recover or Rebuild Involved Systems?; Determine Dwell Time; Determine Root Cause; Point Fix or Time to Get Serious?; Early Actions; Preserve the Evidence; Remove the Malware; Change All Passwords; Summary
Chapter 9: Environment Recovery; Big Decisions; Recover vs. Rebuild; In What Order; Restoring Network; Restore IT Security Services; Restore Virtual Machines and/or Cloud Services; Restore Backup Systems; Restore Clients, Servers, Applications, Services; Conduct Unit Testing; Rebuild Process Summary; Recovery Process Summary; Recovering a Windows Computer; Recovering/Restoring Microsoft Active Directory; Summary
Chapter 10: Next Steps; Paradigm Shifts; Implement a Data-Driven Defense; Focus on Root Causes; Rank Everything!; Get and Use Good Data; Heed Growing Threats More; Row the Same Direction; Focus on Social Engineering Mitigation; Track Processes and Network Traffic; Improve Overall Cybersecurity Hygiene; Use Multifactor Authentication; Use a Strong Password Policy; Secure Elevated Group Memberships; Improve Security Monitoring; Secure PowerShell; Secure Data; Secure Backups; Summary
Chapter 11: What Not to Do; Assume You Can’t Be a Victim; Think That One Super-Tool Can Prevent an Attack; Assume Too Quickly Your Backup is Good; Use Inexperienced Responders; Give Inadequate Considerations to Paying Ransom; Lie to Attackers; Insult the Gang by Suggesting Tiny Ransom; Pay the Whole Amount Right Away; Argue with the Ransomware Gang; Apply Decryption Keys to Your Only Copy; Not Care About Root Cause; Keep Your Ransomware Response Plan Online Only; Allow a Team Member to Go Rogue; Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy; Summary
Chapter 12: Future of Ransomware; Future of Ransomware; Attacks Beyond Traditional Computers; IoT Ransoms; Mixed-Purpose Hacking Gangs; Future of Ransomware Defense; Future Technical Defenses; Ransomware Countermeasure Apps and Features; AI Defense and Bots; Strategic Defenses; Focus on Mitigating Root Causes; Geopolitical Improvements; Systematic Improvements; Use Cyber Insurance as a Tool; Improve Internet Security Overall; Summary
Parting Words; Index
£17.59
John Wiley & Sons Inc Net Zeros and Ones
Book Synopsis: Design, implement, and integrate a complete data sanitization program. In Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security, a well-rounded team of accomplished industry veterans delivers a comprehensive guide to managing permanent and sustainable data erasure while complying with regulatory, legal, and industry requirements. In the book, you'll discover the why, how, and when of data sanitization, including why it is a crucial component in achieving circularity within IT operations. You will also learn about future-proofing yourself against security breaches and data leaks involving your most sensitive information, all while being served entertaining industry anecdotes and commentary from leading industry personalities. The authors also discuss: several new standards on data erasure, including the soon-to-be published standards by the IEEE and ISO; how data sanitization strengthens a sustainability or Environmental, Social, an Table of Contents: Foreword xv Introduction xix Chapter 1 End of Life for Data 1 1.1 Growth of Data 3 1.2 Managing Data 4 1.2.1 Discovery 4 1.2.2 Classification 5 1.2.3 Risk 6 1.3 Data Loss 6 1.3.1 Accidental 7 1.3.2 Theft 7 1.3.3 Dumpster Diving 9 1.4 Encryption 9 1.5 Data Discovery 9 1.6 Regulations 10 1.7 Security 10 1.8 Legal Discovery 11 1.9 Data Sanitization 12 1.10 Ecological and Economic Considerations 13 1.10.1 Ecological 13 1.10.2 Economic 13 1.11 Summary: Proactive Risk Reduction and Reactive End of Life 14 Chapter 2 Where Are We, and How Did We Get Here?
15 2.1 Digital Data Storage 16 2.2 Erasing Magnetic Media 17 2.3 History of Data Erasure 17 2.3.1 The Beginnings of Commercial Data Erasure 19 2.3.2 Darik’s Boot and Nuke (DBAN) 19 2.4 Summary 21 Chapter 3 Data Sanitization Technology 23 3.1 Shredding 24 3.2 Degaussing 24 3.3 Overwriting 25 3.4 Crypto-Erase 27 3.5 Erasing Solid-State Drives 28 3.6 Bad Blocks 29 3.7 Data Forensics 29 3.8 Summary 31 Chapter 4 Information Lifecycle Management 33 4.1 Information Lifecycle Management vs. Data Lifecycle Management 33 4.2 Information Lifecycle Management 34 4.2.1 Lifecycle Stages 34 4.3 Data Security Lifecycle 35 4.3.1 Stages for Data Security Lifecycle 36 4.4 Data Hygiene 36 4.5 Data Sanitization 37 4.5.1 Physical Destruction 37 4.5.2 Cryptographic Erasure 37 4.5.3 Data Erasure 38 4.6 Summary 39 Chapter 5 Regulatory Requirements 41 5.1 Frameworks 42 5.1.1 NIST Cybersecurity Framework Applied to Data 42 5.2 Regulations 43 5.2.1 GDPR 44 5.2.1.1 The Right to Erasure 45 5.2.1.2 Data Retention 51 5.2.2 HIPAA Security Rule Subpart c 53 5.2.3 PCI DSS V3.2 Payment Card Industry Requirements 56 5.2.4 Sarbanes–Oxley 58 5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations 59 5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 500 59 5.2.7 Philippines Data Privacy Act 2012 60 5.2.8 Singapore Personal Data Protection Act 2012 61 5.2.9 Gramm–Leach–Bliley Act 61 5.3 Standards 62 5.3.1 ISO 27000 and Family 62 5.3.2 NIST SP 800-88 63 5.4 Summary 65 Chapter 6 New Standards 67 6.1 IEEE P2883 Draft Standard for Sanitizing Storage 68 6.1.1 Data Sanitization 68 6.1.2 Storage Sanitization 68 6.1.3 Media Sanitization 68 6.1.4 Clear 69 6.1.5 Purge 69 6.1.6 Destruct 69 6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques—Storage Security 70 6.3 Summary 71 Chapter 7 Asset Lifecycle Management 73 7.1 Data Sanitization Program 73 7.2 Laptops and Desktops 74 7.3 Servers and Network Gear 76 7.3.1 Edge Computing 78 7.4 Mobile
Devices 79 7.4.1 Crypto-Erase 80 7.4.2 Mobile Phone Processing 80 7.4.3 Enterprise Data Erasure for Mobile Devices 81 7.4.3.1 Bring Your Own Device 81 7.4.3.2 Corporate-Issued Devices 81 7.5 Internet of Things: Unconventional Computing Devices 82 7.5.1 Printers and Scanners 82 7.5.2 Landline Phones 82 7.5.3 Industrial Control Systems 82 7.5.4 HVAC Controls 83 7.5.5 Medical Devices 83 7.6 Automobiles 83 7.6.1 Off-Lease Vehicles 84 7.6.2 Used Vehicle Market 85 7.6.3 Sanitization of Automobiles 85 7.7 Summary 86 Chapter 8 Asset Disposition 87 8.1 Contracting and Managing Your ITAD 88 8.2 ITAD Operations 89 8.3 Sustainability and Green Tech 91 8.4 Contribution from R2 91 8.4.1 Tracking Throughput 91 8.4.2 Data Security 92 8.5 e-Stewards Standard for Responsible Recycling and Reuse of Electronic Equipment 92 8.6 i-SIGMA 93 8.7 FACTA 93 8.8 Summary 95 Chapter 9 Stories from the Field 97 9.1 3stepIT 98 9.2 TES – IT Lifecycle Solutions 101 9.2.1 Scale of Operations 103 9.2.2 Compliance 104 9.2.3 Conclusion 104 9.3 Ingram Micro 104 9.4 Summary 106 Chapter 10 Data Center Operations 109 10.1 Return Material Allowances 110 10.2 NAS 110 10.3 Logical Drives 110 10.4 Rack-Mounted Hard Drives 111 10.5 Summary 112 Chapter 11 Sanitizing Files 113 11.1 Avoid Confusion with CDR 113 11.2 Erasing Files 114 11.3 When to Sanitize Files 115 11.4 Sanitizing Files 116 11.5 Summary 116 Chapter 12 Cloud Data Sanitization 117 12.1 User Responsibility vs.
Cloud Provider Responsibility 117 12.2 Attacks Against Cloud Data 119 12.3 Cloud Encryption 119 12.4 Data Sanitization for the Cloud 120 12.5 Summary 121 Chapter 13 Data Sanitization and Information Lifecycle Management 123 13.1 The Data Sanitization Team 124 13.2 Identifying Data 124 13.3 Data Sanitization Policy 124 13.3.1 Deploy Technology 125 13.3.2 Working with DevOps 125 13.3.3 Working with Data Security 125 13.3.4 Working with the Legal Team 125 13.3.5 Changes 126 13.4 Summary 126 Chapter 14 How Not to Destroy Data 127 14.1 Drilling 127 14.1.1 Nail Gun 128 14.1.2 Gun 128 14.2 Acids and Other Solvents 128 14.3 Heating 128 14.4 Incineration 129 14.5 Street Rollers 129 14.6 Ice Shaving Machines 129 Chapter 15 The Future of Data Sanitization 131 15.1 Advances in Solid-State Drives 132 15.2 Shingled Magnetic Recording 133 15.3 Thermally Assisted Magnetic Recording, Also Known as Heat-Assisted Magnetic Recording 133 15.4 Microwave-Assisted Magnetic Recording 134 15.5 DNA Data Storage 135 15.6 Holographic Storage 135 15.7 Quantum Storage 136 15.8 NVDIMM 137 15.9 Summary 138 Chapter 16 Conclusion 139 Appendix Enterprise Data Sanitization Policy 143 Introduction 143 Intended Audience 143 Purpose of Policy 144 General Data Hygiene and Data Retention 144 Data Spillage 144 Handling Files Classified as Confidential 144 Data Migration 144 End of Life for Classified Virtual Machines 145 On Customer’s Demand 145 Seven Steps to Creating a Data Sanitization Process 145 Step 1: Prioritize and Scope 146 Step 2: Orient 146 Step 3: Create a Current Profile 146 Step 4: Conduct a Risk Assessment 147 Step 5: Create a Target Profile 147 Step 6: Determine, Analyze, and Prioritize Gaps 147 Step 7: Implement Action Plan 147 Data Sanitization Defined 147 Physical Destruction 148 Degaussing 148 Pros and Cons of Physical Destruction 148 Cryptographic Erasure (Crypto-Erase) 148 Pros and Cons of Cryptographic Erasure 149 Data Erasure 149 Pros and Cons of Data Erasure 150 Equipment
Details 150 Asset Lifecycle Procedures 151 Suggested Process, In Short 152 Create Contract Language for Third Parties 152 Data Erasure Procedures 152 Responsibility 152 Validation of Data Erasure Software and Equipment 153 Personal Computers 153 Servers and Server Storage Systems 154 Photocopiers, Network Printers, and Fax Machines 154 Mobile Phones, Smartphones, and Tablets 154 Point-of-Sale Equipment 155 Virtual Machines 155 Removable Solid-State Memory Devices (USB Flash Drives, SD Cards) 155 CDs, DVDs, and Optical Discs 155 Backup Tape 155 General Requirements for Full Implementation 155 Procedure for Partners and Suppliers 155 Audit Trail Requirement 156 Policy Ownership 156 Mandatory Revisions 156 Roles and Responsibilities 157 CEO 157 Board of Directors 157 Index 159
£16.14
John Wiley & Sons Inc Cybersecurity For Dummies
Table of Contents: Introduction 1 Part 1: Getting Started with Cybersecurity 5 Chapter 1: What Exactly Is Cybersecurity? 7 Chapter 2: Getting to Know Common Cyberattacks 23 Chapter 3: The Bad Guys You Must Defend Against 49 Part 2: Improving Your Own Personal Security 69 Chapter 4: Evaluating Your Current Cybersecurity Posture 71 Chapter 5: Enhancing Physical Security 93 Chapter 6: Cybersecurity Considerations When Working from Home 105 Part 3: Protecting Yourself from Yourself 115 Chapter 7: Securing Your Accounts 117 Chapter 8: Passwords 135 Chapter 9: Preventing Social Engineering Attacks 151 Part 4: Cybersecurity for Businesses, Organizations, and Government 173 Chapter 10: Securing Your Small Business 175 Chapter 11: Cybersecurity and Big Businesses 201 Part 5: Handling a Security Incident (This Is a When, Not an If) 217 Chapter 12: Identifying a Security Breach 219 Chapter 13: Recovering from a Security Breach 239 Part 6: Backing Up and Recovery 259 Chapter 14: Backing Up 261 Chapter 15: Resetting Your Device 289 Chapter 16: Restoring from Backups 299 Part 7: Looking toward the Future 321 Chapter 17: Pursuing a Cybersecurity Career 323 Chapter 18: Emerging Technologies Bring New Threats 337 Part 8: The Part of Tens 351 Chapter 19: Ten Ways to Improve Your Cybersecurity without Spending a Fortune 353 Chapter 20: Ten (or So) Lessons from Major Cybersecurity Breaches 359 Chapter 21: Ten Ways to Safely Use Public Wi-Fi 367 Index 371
£23.74
Taylor & Francis Ltd Human Dimensions of Cybersecurity
Book Synopsis: In Human Dimensions of Cyber Security, Terry Bossomaier, Steven D'Alessandro, and Roger Bradbury have produced a book that shows how it is indeed possible to achieve what we all need; a multidisciplinary, rigorously researched and argued, and above all accessible account of cybersecurity: what it is, why it matters, and how to do it. --Professor Paul Cornish, Visiting Professor, LSE IDEAS, London School of Economics. Human Dimensions of Cybersecurity explores social science influences on cybersecurity. It demonstrates how social science perspectives can enable the ability to see many hazards in cybersecurity. It emphasizes the need for a multidisciplinary approach, as cybersecurity has become a fundamental issue of risk management for individuals, at work, and with government and nation states. This book explains the issues of cybersecurity with rigor, but also in simple language, so individuals can see how they can address these issues Table of Contents: Foreword; Preface; Glossary; List of Cyber Nuggets; Authors; 1 Introduction; 2 Case Studies; 3 Networks and Norms; 4 Consumer Choice; 5 Risk Perspectives in Cybersecurity; 6 Government Policy and Statecraft in Cybersecurity; 7 Technical Perspectives; 8 The Future; References; Index
£56.99
Kogan Page How to Use Customer Data
Book Synopsis: Sachiko Scheuing is an award-winning privacy professional based in Frankfurt, Germany. She serves on the Europe Middle East and Africa senior leadership team of Acxiom, part of Interpublic Group (IPG), as European Privacy Officer. She also currently serves as the Co-Chairwoman of the Federation of European Data and Marketing (FEDMA). In 2020, she was awarded the DataIQ Professor Derek Holder Lifetime Achievement Award for her contribution to the data protection and advertising industries. In 2024, she was named by Women in Data as one of the 20 most influential women in data and tech.
£33.24
Kogan Page How to Use Customer Data
Book Synopsis: Sachiko Scheuing is an award-winning privacy professional based in Frankfurt, Germany. She serves on the Europe Middle East and Africa senior leadership team of Acxiom, part of Interpublic Group (IPG), as European Privacy Officer. She also currently serves as the Co-Chairwoman of the Federation of European Data and Marketing (FEDMA). In 2020, she was awarded the DataIQ Professor Derek Holder Lifetime Achievement Award for her contribution to the data protection and advertising industries. In 2024, she was named by Women in Data as one of the 20 most influential women in data and tech.
£105.30
Johns Hopkins University Press Viral BS
Book Synopsis: Dissecting the biggest medical myths and pseudoscience, Viral BS explores how misinformation can spread faster than microbes. Can your zip code predict when you will die? Should you space out childhood vaccines? Does talcum powder cause cancer? Why do some doctors recommend e-cigarettes while other doctors recommend you stay away from them? Health information, and misinformation, is all around us, and it can be hard to separate the two. A long history of unethical medical experiments and medical mistakes, along with a host of celebrities spewing anti-science beliefs, has left many wary of science and the scientists who say they should be trusted. How do we stay sane while unraveling the knots of fact and fiction to find out what we should really be concerned about, and what we can laugh off? In Viral BS, journalist, doctor, professor, and CDC-trained disease detective Seema Yasmin, driven by a need to set the record straight, dissects some of the most widely circulating medical myths and Trade Review: [Yasmin] analyzes the pseudoscience that becomes hard to shake and reviews related research that presents the truth. The antidote is easy to swallow, thanks to Yasmin's approach.—Science News Table of Contents: Introduction. 1. Do the flat tummy detox teas touted by Instagram celebrities actually work? 2. Should you eat your baby's placenta? 3. Do vaccines cause autism? 4. Can autism be cured? 5. Are children being paralyzed by the common cold virus? 6. Do we inherit trauma from our parents? 7. Are genetically modified foods safe? 8. How long can you eat leftovers? 9. Is MSG addictive? 10. Is drinking diet soda linked to Alzheimer's disease and stroke? 11. Do mammograms cause more problems than they detect? 12. Is it dangerous to be pregnant in America? 13. The raging statin debate: Should you take a cholesterol-lowering drug? 14. Does aspirin prevent cancer? 15. Did the maker of aspirin test medicines in Nazi concentration camps? 16. Does the birth control pill cause depression? 17. Do vitamin D supplements protect against obesity, cancer, and pneumonia? 18. Will fish oil supplements prevent heart disease or give you cancer? 19. Are heartburn medicines linked to a serious gut infection? 20. Were dietary supplements linked to a deadly outbreak of hepatitis? 21. Can gay and bisexual men donate blood? 22. Are e-cigarettes helpful or harmful? 23. Is marijuana a performance-enhancing drug for athletes? 24. Did a morning sickness pill for pregnant women cause birth defects in thousands of babies? 25. Is there lead in your lipstick? 26. Why do immigrants in America live longer than American-born people? 27. Has the US government banned research about gun violence? 28. The Frackademia Scandal: Did oil and gas companies pay academics to say fracking was safe? 29. Does playing American football give players brain damage? 30. Did the US government infect people with syphilis and gonorrhea? 31. Does talcum powder cause ovarian cancer? 32. Does infection with Ebola cause lifelong symptoms? 33. Are older adults at higher risk of contracting sexually transmitted infections? 34. Did genetically modified mosquitoes spread Zika, and does the virus cause birth defects? 35. Can your cat's poop make you better at business? 36. Is suicide contagious? 37. Are suicide rates linked to the economy? 38. Are there more suicides during the holiday season? 39. Are you more likely to die from a medical mistake than from a car crash? 40. Is it dangerous to go to the hospital in July? 41. Do patients cared for by female doctors live longer? 42. Can a pill make racists less racist? 43. Are airplane condensation trails, aka chemtrails, bad for your health? 44. Do bad teeth cause heart disease? 45. Can your zip code predict when you will die? 46. Does debunking a myth help it spread? Dr. Yasmin's Bullshit Detection Kit. Acknowledgments. About the Author. Index.
£18.45
Bristol University Press Data in Society
Book Synopsis: This book analyses societal trends and controversies related to developments in data ownership, access, construction, dissemination and interpretation, looking at the ways that society interacts with and uses statistical data. Table of Contents: Book Introduction ~ Humphrey Southall, Jeff Evans and Sally Ruane; 1: How Data are Changing; Introduction ~ Humphrey Southall and Jeff Evans; Statistical work: the changing occupational landscape ~ Kevin McConway; The creation and use of big administrative data ~ Harvey Goldstein and Ruth Gilbert; Data Analytics ~ Ifan Shepherd and Gary Hearne; Social Media Data ~ Adrian Tear and Humphrey Southall; 2: Counting in a Globalised world; Introduction ~ Sally Ruane and Jeff Evans; Adult Skills Surveys and Transnational Organisations: Globalising Educational Policy ~ Jeff Evans; Poverty and health care surveys in the Global South: Towards making valid estimates ~ Roy Carr-Hill; Counting the Population in Need of International Protection Globally ~ Brad Blitz, Alessio D’Angelo and Eleonore Kofman; Tax justice and the challenges of measuring illicit financial flows ~ Richard Murphy; 3: The Changing Role of the State; Introduction ~ Sally Ruane and Humphrey Southall; The control and ‘fitness for purpose’ of UK official statistics ~ David Rhind; The Statistics of Devolution ~ David Byrne; Welfare reform: national policies with local impacts ~ Christina Beatty and Steve Fothergill; Social insecurity and the changing role of the (welfare) state: Public perceptions, social attitudes and political action ~ Christopher Deeming and Ron Johnston; Access to data and NHS privatisation: reducing public accountability ~ Sally Ruane; 4: Economic Life; Introduction ~ Humphrey Southall, Sally Ruane and Jeff Evans; The ‘distribution question’: the role of statistical analysis in measuring and evaluating trends in inequality ~ Stewart Lansley; Labour market statistics ~ Paul Bivand; The financial system ~ Rebecca Boden; The difficulty of
building comprehensive tax avoidance data ~ Prem Sikka; Tax and spend decisions: did austerity improve financial numeracy and literacy? ~ David Walker; 5: Inequalities in Health and Well-being; Introduction ~ Sally Ruane and Humphrey Southall; Health Divides ~ Anonymous; Measuring Social Wellbeing ~ Roy Carr-Hill; Re-engineering health policy research to measure equity impacts ~ Tim Doran and Richard Cookson; The Generation Game: Ending the phony information war between young and old ~ Jay Ginn and Neil Duncan-Jordan; 6: Advancing social progress through critical statistical literacy; Introduction ~ Jeff Evans, Humphrey Southall and Sally Ruane; The Radical Statistics Group: Using Statistics for Progressive Social Change ~ Jeff Evans and Ludi Simpson; Lyme disease politics and evidence-based policy-making in the UK ~ Kate Bloor; Counting the uncounted: contestations over casualisation data in Australian universities ~ Nour Dados, James Goodman and Keiko Yasukawa; The quantitative crisis in UK Sociology ~ Malcolm Williams, Luke Sloan and Charlotte Brookfield; Critical Statistical Literacy and Interactive Data Visualisations ~ Jim Ridgway, James Nicholson, Sinclair Sutherland and Spencer Hedger; Full Fact ~ Amy Sippitt; What a difference a dataset makes? Data journalism and/as data activism ~ Jonathan Gray and Liliana Bounegru; Book Epilogue .
£81.59
Bristol University Press Data in Society
Book Synopsis: This book analyses societal trends and controversies related to developments in data ownership, access, construction, dissemination and interpretation, looking at the ways that society interacts with and uses statistical data. Table of Contents: Book Introduction ~ Humphrey Southall, Jeff Evans and Sally Ruane; 1: How Data are Changing; Introduction ~ Humphrey Southall and Jeff Evans; Statistical work: the changing occupational landscape ~ Kevin McConway; The creation and use of big administrative data ~ Harvey Goldstein and Ruth Gilbert; Data Analytics ~ Ifan Shepherd and Gary Hearne; Social Media Data ~ Adrian Tear and Humphrey Southall; 2: Counting in a Globalised world; Introduction ~ Sally Ruane and Jeff Evans; Adult Skills Surveys and Transnational Organisations: Globalising Educational Policy ~ Jeff Evans; Poverty and health care surveys in the Global South: Towards making valid estimates ~ Roy Carr-Hill; Counting the Population in Need of International Protection Globally ~ Brad Blitz, Alessio D’Angelo and Eleonore Kofman; Tax justice and the challenges of measuring illicit financial flows ~ Richard Murphy; 3: The Changing Role of the State; Introduction ~ Sally Ruane and Humphrey Southall; The control and ‘fitness for purpose’ of UK official statistics ~ David Rhind; The Statistics of Devolution ~ David Byrne; Welfare reform: national policies with local impacts ~ Christina Beatty and Steve Fothergill; Social insecurity and the changing role of the (welfare) state: Public perceptions, social attitudes and political action ~ Christopher Deeming and Ron Johnston; Access to data and NHS privatisation: reducing public accountability ~ Sally Ruane; 4: Economic Life; Introduction ~ Humphrey Southall, Sally Ruane and Jeff Evans; The ‘distribution question’: the role of statistical analysis in measuring and evaluating trends in inequality ~ Stewart Lansley; Labour market statistics ~ Paul Bivand; The financial system ~ Rebecca Boden; The difficulty of
building comprehensive tax avoidance data ~ Prem Sikka; Tax and spend decisions: did austerity improve financial numeracy and literacy? ~ David Walker; 5: Inequalities in Health and Well-being; Introduction ~ Sally Ruane and Humphrey Southall; Health Divides ~ Anonymous; Measuring Social Wellbeing ~ Roy Carr-Hill; Re-engineering health policy research to measure equity impacts ~ Tim Doran and Richard Cookson; The Generation Game: Ending the phony information war between young and old ~ Jay Ginn and Neil Duncan-Jordan; 6: Advancing social progress through critical statistical literacy; Introduction ~ Jeff Evans, Humphrey Southall and Sally Ruane; The Radical Statistics Group: Using Statistics for Progressive Social Change ~ Jeff Evans and Ludi Simpson; Lyme disease politics and evidence-based policy-making in the UK ~ Kate Bloor; Counting the uncounted: contestations over casualisation data in Australian universities ~ Nour Dados, James Goodman and Keiko Yasukawa; The quantitative crisis in UK Sociology ~ Malcolm Williams, Luke Sloan and Charlotte Brookfield; Critical Statistical Literacy and Interactive Data Visualisations ~ Jim Ridgway, James Nicholson, Sinclair Sutherland and Spencer Hedger; Full Fact ~ Amy Sippitt; What a difference a dataset makes? Data journalism and/as data activism ~ Jonathan Gray and Liliana Bounegru; Book Epilogue .
£28.79
O'Reilly Media Anonymizing Health Data
Book Synopsis: With this practical book, you will learn proven methods for anonymizing health data to help your organization share meaningful datasets, without exposing patient identity. Leading experts Khaled El Emam and Luk Arbuckle walk you through a risk-based methodology, using case studies from their efforts to de-identify hundreds of datasets.
£20.99
New York University Press The Identity Trade
Book Synopsis: The successes and failures of an industry that claims to protect and promote our online identities. What does privacy mean in the digital era? As technology increasingly blurs the boundary between public and private, questions about who controls our data become harder and harder to answer. Our every web view, click, and online purchase can be sold to anyone to store and use as they wish. At the same time, our online reputation has become an important part of our identity, a form of cultural currency. The Identity Trade examines the relationship between online visibility and privacy, and the politics of identity and self-presentation in the digital age. In doing so, Nora Draper looks at the revealing two-decade history of efforts by the consumer privacy industry to give individuals control over their digital image through the sale of privacy protection and reputation management as a service. Through in-depth interviews with industry experts, as well as analy Trade Review: Featuring interviews with such industry figures as Fred Davis, founder of the identity management company Lumeria, and Josh Galper, general counsel for the online data vault provider Personal, the book brings to light the cultural and economic ramifications of the public's desire for online privacy. . . . Throughout, Draper examines the rights, expectations, and economics of digital privacy with expert fascination. * Publishers Weekly * How did 'protect your privacy online' become 'cultivate your personal brand'? Draper shines a light on the entrepreneurs in the privacy game, many overlooked or long gone, who had an outsized influence on how we think about privacy today. The Identity Trade provides a rich and important history, but also an astute meditation on how industry can shape cultural logics in profound ways. -- Tarleton Gillespie, author of Custodians of the Internet. In analyzing the burgeoning consumer privacy industry through its failures, Draper traces shifts in the industrial definition of privacy from anonymity to controlled exposure. The Identity Trade demonstrates how the economics of privacy directly shapes our understanding of what privacy is and how we might practice it. Essential reading for anyone concerned about their 'privacy,' their vulnerability to data breaches, and the myriad other 'identity' pitfalls that come along with online life as we know it. -- Alison Hearn, University of Western Ontario. While we have been obsessing over the ways Facebook and Google have blown away our ability to manage information about ourselves, a fascinating and troubling industry devoted to privacy management has emerged. In this lucid book, Draper reveals the assumptions and ideologies that drive the players in that industry, and thus reveals what's really at stake as we lurch toward a future we can't seem to control. -- Siva Vaidhyanathan, author of Antisocial Media: How Facebook Disconnects Us and Undermines Democracy
£17.09
New York University Press The Identity Trade
Book Synopsis: The successes and failures of an industry that claims to protect and promote our online identities. What does privacy mean in the digital era? As technology increasingly blurs the boundary between public and private, questions about who controls our data become harder and harder to answer. Our every web view, click, and online purchase can be sold to anyone to store and use as they wish. At the same time, our online reputation has become an important part of our identity, a form of cultural currency. The Identity Trade examines the relationship between online visibility and privacy, and the politics of identity and self-presentation in the digital age. In doing so, Nora Draper looks at the revealing two-decade history of efforts by the consumer privacy industry to give individuals control over their digital image through the sale of privacy protection and reputation management as a service. Through in-depth interviews with industry experts, as well as analy Trade Review: Featuring interviews with such industry figures as Fred Davis, founder of the identity management company Lumeria, and Josh Galper, general counsel for the online data vault provider Personal, the book brings to light the cultural and economic ramifications of the public's desire for online privacy. . . . Throughout, Draper examines the rights, expectations, and economics of digital privacy with expert fascination. * Publishers Weekly * How did 'protect your privacy online' become 'cultivate your personal brand'? Draper shines a light on the entrepreneurs in the privacy game, many overlooked or long gone, who had an outsized influence on how we think about privacy today. The Identity Trade provides a rich and important history, but also an astute meditation on how industry can shape cultural logics in profound ways. -- Tarleton Gillespie, author of Custodians of the Internet. In analyzing the burgeoning consumer privacy industry through its failures, Draper traces shifts in the industrial definition of privacy from anonymity to controlled exposure. The Identity Trade demonstrates how the economics of privacy directly shapes our understanding of what privacy is and how we might practice it. Essential reading for anyone concerned about their 'privacy,' their vulnerability to data breaches, and the myriad other 'identity' pitfalls that come along with online life as we know it. -- Alison Hearn, University of Western Ontario. While we have been obsessing over the ways Facebook and Google have blown away our ability to manage information about ourselves, a fascinating and troubling industry devoted to privacy management has emerged. In this lucid book, Draper reveals the assumptions and ideologies that drive the players in that industry, and thus reveals what's really at stake as we lurch toward a future we can't seem to control. -- Siva Vaidhyanathan, author of Antisocial Media: How Facebook Disconnects Us and Undermines Democracy
£66.60
APress Snowflake Access Control
Book Synopsis: Understand the different access control paradigms available in the Snowflake Data Cloud and learn how to implement access control in support of data privacy and compliance with regulations such as GDPR, APPI, CCPA, and SOX. The information in this book will help you and your organization adhere to privacy requirements that are important to consumers and becoming codified in the law. You will learn to protect your valuable data from those who should not see it while making it accessible to the analysts whom you trust to mine the data and create business value for your organization. Snowflake is increasingly the choice for companies looking to move to a data warehousing solution, and security is an increasing concern due to recent high-profile attacks. This book shows how to use Snowflake's wide range of features that support access control, making it easier to protect data access from the data origination point all the way to the presentation and visualization layer. Reading this book
Table of Contents: Part I. Background 1. What is Access Control? 2. Data Types Requiring Access Control 3. Data Privacy Laws and Regulatory Drivers 4. Permission types Part II. Creating Roles 5. Functional Roles - What A Person Does 6. Team Roles - Who A Person Is 7. Assuming A Primary Role 8. Secondary Roles Part III. Granting Permissions to Roles 9. Role Inheritance 10. Account and Database Level Privileges 11. Schema-Level Privileges 12. Table and View Level Privileges 13. Row-Level Permissioning and Fine-Grained Access Control 14. Column-Level Permissioning and Data Masking Part IV. Operationally Managing Access Control 15. Secure Data Sharing 16. Separating Production from Development 17. Upstream & Downstream Services 18. Managing Access Requests
£42.74
APress Firewalls Don't Stop Dragons
Book Synopsis: Rely on this practical, comprehensive guide to significantly improve your cyber safety and data privacy. Shop and bank online with maximum security and peace of mind. Block online tracking, data mining and malicious online ads.
£31.34
O'Reilly Media Ransomware
Book Synopsis: The biggest online threat to businesses and consumers today is ransomware, a category of malware that can encrypt your computer files until you pay a ransom to unlock them. With this practical book, you'll learn how easily ransomware infects your system and what steps you can take to stop the attack before it sets foot in the network.
£23.99
O'Reilly Media 97 Things About Ethics Everyone in Data Science
Book Synopsis: Being ethical takes constant diligence, and in many situations identifying the right choice can be difficult. In this in-depth book, contributors from top companies in technology, finance, and other industries share experiences and lessons learned from collecting, managing, and analyzing data ethically.
£29.99
O'Reilly Media Zero Trust Networks
Book Synopsis: This practical book provides a detailed explanation of the zero trust security model. The updated edition offers more scenarios, real-world examples, and in-depth explanations of key concepts to help you fully comprehend the zero trust security architecture.
£39.74
Open Road Distribution The Rise of the Computer State: The Threat to Our Freedoms, Our Ethics and our Democratic Process
£11.39
Cornell University Press The United States of Anonymous
Book Synopsis: In The United States of Anonymous, Jeff Kosseff explores how the right to anonymity has shaped American values, politics, business, security, and discourse, particularly as technology has enabled people to separate their identities from their communications. Legal and political debates surrounding online privacy often focus on the Fourth Amendment's protection against unreasonable searches and seizures, overlooking the history and future of an equally powerful privacy right: the First Amendment's protection of anonymity. The United States of Anonymous features extensive and engaging interviews with people involved in the highest profile anonymity cases, as well as with those who have benefited from, and been harmed by, anonymous communications. Through these interviews, Kosseff explores how courts have protected anonymity for decades and, likewise, how law and technology have allowed individuals to control how much, if any, identifying inf
Trade Review: Amid surging social media and online speech wars, readers concerned about the future of free speech, privacy, and the law will appreciate Kosseff's ability to deftly place the many-sided anonymity debate in the context of constitutional values and social norms. * Library Journal *
Table of Contents: Introduction Part I: Developing the Right to Anonymity 1. America, the Anonymous 2. Empowering Anonymous Association 3. Empowering Anonymous Speech 4. The Scope of Anonymity Empowerment 5. Antimask Part II: The Right to Online Anonymity 6. Cybersmear 7. Setting the Rules for Online Anonymity 8. Online Anonymity and Copyright 9. When the Government Wants to Unmask You 10. Anonymity Worldwide 11. Technological Protections for Anonymity Part III: Living in an Anonymous World 12. Anonymity as a Shield 13. Anonymity as a Sword Part IV: The Future of Anonymity 14. Real-Name Policies 15. Out in the Open 16. Empowering Anonymity through Privacy Law Conclusion
£21.84
Skyhorse Publishing How to Disappear and Never Be Found
£12.34
Manchester University Press The Seven Veils of Privacy: How Our Debates About
Book Synopsis: Privacy is one of the most contested concepts of our time. This book sets out a rigorous and comprehensive framework for understanding debates about privacy and our rights to it. Much of the conflict around privacy comes from a failure to recognise divergent perspectives. Some people argue about human rights, some about social conventions, others about individual preferences and still others about information and data processing. As a result, ‘privacy’ has become the focus of competing definitions, leading some to denounce the ‘disarray’ in the field. But as this book shows, disagreements about the role and value of privacy obscure a large amount of agreement on the topic. Privacy is not a technical term of law, cybersecurity or sociology, but a word in common use that adequately expresses a few simple and related ideas.
Trade Review: ‘An impressively thorough and systematic – but always accessible – analysis. O'Hara sorts and sifts the different claims for what is and what is not “privacy”. O Privacy, what crimes are committed in thy name! But O'Hara! What fun you've had finding a way through the muddles and misunderstandings to establish a common language for discussing privacy. I wish I'd had access to Kieron O'Hara's excellent survey when I started out as UK Information Commissioner back in 2009. O'Hara's razor should help us to approach debates around public policy on their own merits, avoiding using “privacy” as a mere label either to support or oppose particular causes or proposals.’ Christopher Graham, UK Information Commissioner, 2009–16
‘O’Hara gives us a refreshingly provocative, learned, distinctive and lively book about privacy that will stimulate important debates. The vast, unwieldy body of privacy scholarship is seen through new lenses, bringing seven different levels of privacy discourse into focus. Each one veils the meaning of privacy, but all contribute to a new framework that helps to make sense of the supposed “chaos” of this subject. Illustrative discussions of seven important privacy topics and debates are related to the sevenfold framework. O’Hara’s examples and personal style keep the reader in mind along the intricate trail of de (or re)constructive analysis, and a fascinating conclusion affords important insights into privacy by refracting the analysis through the COVID-19 pandemic experience.’ Charles Raab, Professor Emeritus, University of Edinburgh
‘How should we talk about privacy? Before you answer that question, read this book. The seven veils of privacy is deep and erudite, yet accessible and even humorous. O’Hara takes us on a deeply researched and compelling journey through the points of disagreement in our privacy discourse. This book helps us understand why we keep talking past each other and how to have a more productive conversation about one of the most critical values of our time.’ Woodrow Hartzog, Professor of Law, Boston University and author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies
Table of Contents: Introduction: the goal of this book Part I: A concept in disarray? Part II: Explaining the disarray Part III: A framework for privacy discourses Part IV: Commentary on the framework Part V: Topics in privacy studies Conclusion: privacy in the time of COVID Index
£76.50
Bloomsbury Academic The Future of Hacking
£23.75
PublicAffairs We See It All: Liberty and Justice in an Age of
£21.00
PublicAffairs,U.S. The Perfect Police State: An Undercover Odyssey
Book Synopsis: An in-depth, on-the-ground view of how Chinese officials have co-opted technology, infrastructure and the minds of their people to establish the definitive police state. When blocked from facts and truth, and constantly under surveillance, most citizens cannot discern between enemy and friend and don't have the information they need to challenge the government. Society quickly breaks down. Friends betray each other, bosses snitch on employees, teachers rat on their students, and children turn on their parents. Everyone must turn to their government for protection, even if the government is not their true protector. This is the Perfect Police State, and China has created one. In The Perfect Police State Geoffrey Cain, an Asia-based reporter, recounts his travels and investigations into the multifaceted and comprehensive surveillance network in the Western Chinese province of Xinjiang. Drawing on first-hand testimony, and one citizen's tumultuous life and escape from Xinjiang, Cain describes the emergence of China's tech surveillance giants, and the implications for our global order, in an age of Covid-19 and police brutality protests. What results is a vivid and haunting investigation into how China established an effective and enduring technological dystopia.
£22.50
Cool Springs Press AHS Internet Password Logbook
£9.49
No Starch Press,US Serious Cryptography: A Practical Introduction to
Book Synopsis: Serious Cryptography is the much anticipated review of modern cryptography by cryptographer JP Aumasson. This is a book for readers who want to understand how cryptography works in today's world. The book is suitable for a wide audience, yet is filled with mathematical concepts and meaty discussions of how the various cryptographic mechanisms work. Chapters cover the notion of secure encryption, randomness, block ciphers and ciphers, hash functions and message authentication codes, public-key crypto including RSA, Diffie-Hellman, and elliptic curves, as well as TLS and post-quantum cryptography. Numerous code examples and real use cases throughout will help practitioners to understand the core concepts behind modern cryptography, as well as how to choose the best algorithm or protocol and ask the right questions of vendors. Aumasson discusses core concepts like computational security and forward secrecy, as well as strengths and limitations of cryptographic functionalities related to
Trade Review: “A superb introduction to modern encryption and cryptography. For those looking to quickly get up to speed on the topics, this makes for an excellent go-to guide.”—Ben Rothke, RSA Conference
“It's really a love letter to cryptography.”—Nadim Kobeissi
“For those who really want to understand how cryptography works, and who need to use it in practice, I thoroughly recommend Serious Cryptography.”—Martijn Grooten, Virus Bulletin
“Impressive in its breadth...the state of the art in applied cryptography is distilled here in a mere 282 pages.”—Federico Lucifredi, The Hub
“Aumasson successfully ensures that the reader has a strong understanding of cryptography’s core ideas... Serious Cryptography is a must read for anyone wanting to enter cryptographic engineering.”—Infosecurity Magazine
“Each chapter not only explains concepts and key implementation details, but also highlights possible pitfalls, common mistakes, and finishes with a list of recommended materials.”—Artificial Truth
"Jean-Philippe Aumasson's Serious Cryptography is a classic (and serious) introduction to the field."—Mary Branscombe, ZDNet
"It's advanced but the best book I've ever read for PKI is Serious Cryptography by Aumasson. Probably don't want to start with it but if you get serious you'll want to read it."—Chris Sandvick, @ChrisSandvick
"My favorite reference."—Colin O'Flynn, Circuit Cellar
"For those wanting to go beyond the basics of cryptography in the blockchain, 'Serious Cryptography' by Jean-Philippe Aumasson is an invaluable resource."—Halborn Security
Table of Contents: Foreword by Matthew D. Green Preface Abbreviations Chapter 1: Encryption Chapter 2: Randomness Chapter 3: Cryptographic Security Chapter 4: Block Ciphers Chapter 5: Stream Ciphers Chapter 6: Hash Functions Chapter 7: Keyed Hashing Chapter 8: Authenticated Encryption Chapter 9: Hard Problems Chapter 10: RSA Chapter 11: Diffie–Hellman Chapter 12: Elliptic Curves Chapter 13: TLS Chapter 14: Quantum and Post-Quantum Index
£35.99
Nova Science Publishers Inc Social Security Numbers & ID Theft
Book Synopsis: This book explores the use of Social Security Numbers (SSN) and Identity Theft. The SSN was created in 1936 for the purpose of tracking workers' earnings for benefits purposes. Since that time, however, SSN usage has expanded to encompass a myriad of purposes well beyond the operation of the Social Security system. This book describes how criminals acquire SSNs and how they use them to commit identity theft. How organisations such as financial institutions, insurers, universities, health care entities, government agencies, and innumerable other organisations use this nine-digit sequence as a default identifier is also examined. Furthermore, existing statutes, regulations and private sector efforts designed to protect SSNs are looked at, including data security and data breach notification laws. This book concludes with specific FTC recommendations, which address both the supply and demand aspects of the SSN problem by proposing actions that would make SSNs less available to identity thieves, and would make it more difficult for them to misuse those SSNs they are able to obtain. This is an edited, excerpted and augmented edition of a Federal Trade Commission and GAO publication.
£92.99
Nova Science Publishers Inc Privacy: An Overview of Federal Law Governing
£80.24
Grove Press / Atlantic Monthly Press Exploding Data: Reclaiming Our Cyber Security in
Book Synopsis: A powerful argument for new laws and policies regarding cyber-security, from the former US Secretary of Homeland Security. The most dangerous threat we, individually and as a society, face today is no longer military, but rather the increasingly pervasive exposure of our personal information; nothing undermines our freedom more than losing control of information about ourselves. And yet, as daily events underscore, we are ever more vulnerable to cyber-attack. In this bracing book, Michael Chertoff makes clear that our laws and policies surrounding the protection of personal information, written for an earlier time, need to be completely overhauled in the Internet era. On the one hand, the collection of data (more widespread by business than by government, and impossible to stop) should be facilitated as an ultimate protection for society. On the other, standards under which information can be inspected, analysed or used must be significantly tightened. In offering his compelling call for action, Chertoff argues that what is at stake is not only the simple loss of privacy, which is almost impossible to protect, but also that of individual autonomy, the ability to make personal choices free of manipulation or coercion. Offering colourful stories over many decades that illuminate the three periods of data gathering we have experienced, Chertoff explains the complex legalities surrounding issues of data collection and dissemination today and charts a forceful new strategy that balances the needs of government, business and individuals alike.
Trade Review: Essential reading for leaders, legislators and those committed to preserving the balance between individual empowerment and individual freedom in the latest phase of our digital age. -- Rt Hon Lord (John) Reid, former UK Home Secretary and Secretary of State for Defence
Michael Chertoff provides an eye-opening account of just how effectively our personal data is being harvested by the private sector and how it can be used to manipulate us by hostile groups and governments. As a former Homeland Security Secretary and a distinguished lawyer his warnings, and advice on sensible steps that could be taken now to manage the risks, carry great weight. -- Sir David Omand, former Director of GCHQ/former UK Security and Intelligence Coordinator
This important book offers highly intelligent commentary, of a kind I have not read elsewhere, on the challenges posed by the technology revolution and the accompanying 'explosion' of data...a 'must read' for experts and the general public alike. -- Sir John Scarlett, Chief of the Secret Intelligence Service (MI6) 2004-2009
Important and insightful...an authoritative guide to understanding the legal and security challenges posed by the rapidly evolving digitally driven cyber landscape. * Washington Times *
...works as both a Big Data primer and a clear-sighted road map for legislative changes * Publishers Weekly *
A serious but accessible book on an important subject that affects us all. * Booklist *
Few people - maybe only Michael Chertoff - could write a book like this. It combines his unique experience as Federal prosecutor, judge, assistant attorney general on 9/11 and then Secretary of Homeland Security to describe in layman's language the ubiquity of 'digital exhaust' we leave for others to learn about us and lawfully or unlawfully track us. This must-read book describes the barriers to 'opting out' and the need to modernise legal authorities if we are to protect both security and privacy. -- Jane Harman, CEO of the Wilson Center and former member of U.S. House of Representatives Intelligence and Homeland Security committees
When George Orwell wrote 1984, little did he suspect that most of us would willingly carry the tools of our surveillance in our pockets. Michael Chertoff brings his unmatched legal skills and experience to propose tougher restrictions on the use, retention and dissemination of the data that is exploding around us. This important book is a vote for sanity in the midst of chaotic change. -- Joseph S. Nye, Jr., author of THE FUTURE OF POWER
£17.00
Nova Science Publishers Inc Spies & Snitches: Electronic Privacy Protection &
Book Synopsis: There is no comprehensive federal privacy statute that protects personal information. Instead, a patchwork of federal laws and regulations govern the collection and disclosure of personal information and has been addressed by Congress on a sector-by-sector basis. Some contend that this patchwork of laws and regulations is insufficient to meet the demands of today's technology. Congress, the Obama Administration, businesses, public interest groups and citizens are all involved in the discussion of privacy solutions. This book examines some of these efforts with respect to the protection of personal information and provides a brief overview of selected recent developments in the area of federal privacy law.
£189.74
Manning Publications Microservices Security in Action
Book Synopsis: Microservices Security in Action teaches readers how to secure their microservices applications code and infrastructure. After a straightforward introduction to the challenges of microservices security, the book covers fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, readers explore how to deploy and secure microservices behind an API gateway as well as how to access microservices accessed by a single-page application (SPA).
Key Features: Key microservices security fundamentals; Securing service-to-service communication with mTLS and JWT; Deploying and securing microservices with Docker; Using Kubernetes security; Securing event-driven microservices; Using the Istio Service Mesh.
For developers well-versed in microservices design principles who have a basic familiarity with Java.
About the technology: As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk.
Prabath Siriwardena is the vice president of security architecture at WSO2, a company that produces open source software, and has more than 12 years of experience in the identity management and security domain. Nuwan Dias is the director of API architecture at WSO2 and has worked in the software industry for more than 7 years, most of which he spent focusing on the API management domain. Both have helped build security designs for Fortune 500 companies including Boeing, Verizon, Nissan, HP, and GE.
£50.39
Nova Science Publishers Inc Data Security Breaches: Notification Laws,
£106.49
Nova Science Publishers Inc Wiretaps & Electronic Eavesdropping: Federal Law
£106.49
Potter/Ten Speed/Harmony/Rodale iRules: What Every Tech-Healthy Family Needs to
£13.49
Nova Science Publishers Inc Consumer Privacy in the 21st Century: Best
Book Synopsis: In today's world of smart phones, smart grids, and smart cars, companies are collecting, storing, and sharing more information about consumers than ever before. Although companies use this information to innovate and deliver better products and services to consumers, they should not do so at the expense of consumer privacy. This book provides an overview for how companies can act now to implement best practices to protect consumers' private information. These best practices would include making privacy the "default setting" for commercial data practices and give consumers greater control over the collection and use of their personal data through simplified choices and increased transparency. Implementing these best practices will enhance trust and stimulate commerce.
£146.24
Nova Science Publishers Inc Privacy: Select Issues & Laws for the 21st
Book Synopsis: This book is a study of select issues and laws relating to privacy in the 21st century. Topics examined include an overview of federal law governing wiretapping and electronic eavesdropping under the Electronic Communications Privacy Act (ECPA); background and issues related to the USA PATRIOT Act reauthorisation on government collection of private information; the United States v. Jones court case involving GPS monitoring, property and privacy; Fourth Amendment implications and legislative responses to drones in domestic surveillance operations; and the privacy and security concerns surrounding smart meter technology.
£206.24
Manning Publications Data for All
Book Synopsis: Gain in-depth knowledge about how companies manipulate and exploit personal data. A book that does not require particular technical knowledge – just mere curiosity to explore the subject. From tech experts to the general public, Data for All is the ground-breaking guide to help with the ways third parties use personal data. Written by bestselling author John K Thompson, this edition will aid your understanding of areas, such as: The types of data you generate with every action, every day; Where your data is stored, who controls it, and how much money they make from it; How you can manage access and monetisation of your own data; Restricting data access to only companies and organisations you want to support; The history of how we think about data, and why that is changing; The new data ecosystem is being built right now for your benefit.
About the technology: For years, companies have had free rein to use every click, purchase, and “like” you make, to earn money. Now, across the globe, new laws have been written, passed, and are coming into force, giving individuals the right to access, delete, and monetise their own data. This book provides a vision of how you can use these laws, regulations, and services to directly benefit from your data in new and lucrative ways.
£35.09
Business Expert Press A Corporate Librarian's Guide to Information
Book Synopsis: With the expansion of technology and governance, the information governance industry has experienced dramatic and often, sudden changes. Among the most important shifts are the proliferation of data privacy rules and regulations, the exponential growth of data and the need for removing redundant, obsolete, and trivial information and the growing threat of litigation and regulatory fines based on a failure to properly keep records and manage data. At the same time, longstanding information governance standards and best practices exist, which transcend the sudden vicissitudes of the day. This volume focuses on these core IG principles, with an emphasis on how they apply to our target audience, which includes law librarians, legal and research staff and other individuals and departments in both the public and private sectors who engage deeply with regulatory compliance matters. Core topics that will be addressed include: the importance of implementing and maintaining cohesive records management workflows that implement the classic principles of capturing, checking, recording, consolidation, and review; the classic records management principles of Accountability, Transparency, Integrity, Protection, Compliance, Accessibility, Retention and Disposition; and archives Management and the two principles of Providence and Original Order.
£21.80
Permuted Press Your Data, Their Billions: Unraveling and
Book Synopsis: “Big tech” knows all your secrets and sells them to the highest bidder—this guide for the everyday tech user explains how it happens, why it matters, and how to protect yourself and your most precious commodities, your identity and privacy. THE GUIDE TO USING EVERYDAY TECH—FROM GOOGLE SEARCHES AND AMAZON TO GPS AND FACEBOOK—WITH EYES WIDE OPEN. What if somebody knew everything about you? Your . . .
• relationships: work, social, and private
• family history, finances, and medical records
• even your exact location . . . at any time of the day
• personal preferences and purchases
Somebody does. That somebody is “Big Tech.” Facebook, Google, Amazon, Apple, and Microsoft know more about you than you do. And they make billions of dollars by cashing in on your private data. Our personal data, which Big Tech companies get for free, is the engine that drives the unregulated, free-for-all, Wild West world called the digital marketplace. These corporate giants may bring us information and entertainment, convenience and connection, but they also do a lot of harm by:
• threatening our privacy, discovering and disseminating our personal information.
• spreading dangerous misinformation from foreign governments and bad actors.
• manipulating our behavior, affecting what we see, buy . . . even who we vote for.
So, what can we do about it? This eye-opening book provides vital information that has been out of reach to those who need it most—the millions of Facebook, Google, Amazon, Apple, and Microsoft users who have come to love and depend upon these digital products. Veteran consumer advocate Jane Hoffman makes the complex world of Big Tech simple to grasp as she reveals exactly how Big Tech uses—and abuses—your personal information. And she proposes a bold blueprint for reforming these corporate behemoths—including a data dividend.
Your Data, Their Billions is a guidebook to everything at stake in our digital society, from Big Tech’s overreach into our daily lives to its practices that threaten our democracy. Knowledge is power—and it starts here.
£19.00
Information Science Reference Cyber Warfare and Terrorism: Concepts,
£395.20
Academica Press Privacy: Past, Present, and Future
Book Synopsis: Top analyst Leslie Gruis’s timely new book argues that privacy is an individual right and democratic value worth preserving, even in a cyberized world. Since the time of the printing press, technology has played a key role in the evolution of individual rights and helped privacy emerge as a formal legal concept. All governments exercise extraordinary powers during national security crises. In the United States, many imminent threats during the twentieth century induced heightened government intrusion into the privacy of Americans. The Privacy Act of 1974 and the Foreign Intelligence Surveillance Act (FISA, 1978) reversed that trend. Other laws protect the private information of individuals held in specific sectors of the commercial world. Risk management practices were extended to computer networks, and standards for information system security began to emerge. The National Institute of Standards and Technology (NIST) incorporated many such standards into its Cybersecurity Framework, and is currently developing a Privacy Framework. These standards all contribute to a patchwork of privacy protection which, so far, falls far short of what the U.S. constitutional promise offers and what our public badly needs. Greater privacy protections for U.S. citizens will come as long as Americans remember how democracy and privacy sustain one another, and demonstrate their commitment to them.
£112.50
Academica Press The Privacy Pirates: How Your Privacy is Being
Book Synopsis: In The Privacy Pirates, former National Security Agency intelligence officer Dr. Leslie Gruis explains the origins of American privacy and its deep connection to freedom and the American dream. She discusses some of the controversial issues, covering everything from attempts to protect privacy rights—many unsuccessful—to abuses of privacy by large companies and accusations of privacy invasion by the government. All of it is explained in plain language, with humor and clarity, and is accompanied at the start of every chapter by the compelling story of 14-year-old Alice and her family as they attempt to negotiate a modern world full of Privacy Pirates. "Your rights are under attack from the Privacy Pirates," says Gruis. "Government intrusion is nothing compared to the things companies like Facebook and Google are getting away with every day." Take the journey with Alice, get informed about your privacy rights, and learn how you, too, can defeat the Privacy Pirates.
£22.91