The Architecture of Privacy. On Engineering Technologies that Can Deliver Trustworthy Safeguards - Helion

ebook

Autor: Courtney Bowman, Ari Gesher, John K Grant
ISBN: 978-14-919-0451-0
stron: 200, Format: ebook
Data wydania: 2015-08-31
Księgarnia: Helion

Cena książki: 92,65 zł (poprzednio: 107,73 zł)
Oszczędzasz: 14% (-15,08 zł)

Osoby, które kupiły tę książkę, wybierały także »

Tagi: Bezpieczeństwo sieci | Bezpieczeństwo systemów

Technology’s influence on privacy not only concerns consumers, political leaders, and advocacy groups, but also the software architects who design new products. In this practical guide, experts in data analytics, software engineering, security, and privacy policy describe how software teams can make privacy-protective features a core part of product functionality, rather than add them late in the development process.

Ideal for software engineers new to privacy, this book helps you examine privacy-protective information management architectures and their foundational components—building blocks that you can combine in many ways. Policymakers, academics, students, and advocates unfamiliar with the technical terrain will learn how these tools can help drive policies to maximize privacy protection.

Restrict access to data through a variety of application-level controls
Use security architectures to avoid creating a single point of trust in your systems
Explore federated architectures that let users retrieve and view data without compromising data security
Maintain and analyze audit logs as part of comprehensive system oversight
Examine case studies to learn how these building blocks help solve real problems
Understand the role and responsibilities of a Privacy Engineer for maintaining your privacy architecture

Osoby które kupowały "The Architecture of Privacy. On Engineering Technologies that Can Deliver Trustworthy Safeguards", wybierały także:

Profesjonalne testy penetracyjne. Zbuduj własne środowisko do testów 67,42 zł, (20,90 zł -69%)
Windows Server 2003. Bezpieczeństwo sieci 74,69 zł, (23,90 zł -68%)
Spring Security. Kurs video. Metody zabezpieczania aplikacji webowych 69,00 zł, (31,05 zł -55%)
Bezpieczeństwo systemów informatycznych. Zasady i praktyka. Wydanie IV. Tom 2 99,00 zł, (49,50 zł -50%)
Hartowanie Linuksa we wrogich środowiskach sieciowych. Ochrona serwera od TLS po Tor 59,00 zł, (29,50 zł -50%)

Spis treści

The Architecture of Privacy. On Engineering Technologies that Can Deliver Trustworthy Safeguards eBook -- spis treści

Foreword
Preface
- Who Should Read This Book
- Why We Wrote This Book
- A Word on Privacy and Technology Today
- Navigating This Book
- Safari Books Online
- How to Contact Us
- Acknowledgments
  - Courtney Bowman
  - Ari Gesher
  - John K. Grant
  - Daniel Slate
I. Getting Started
1. What Is Privacy?
- How to Think About Privacy
  - Defining Privacy
  - A Short History of U.S. Informational Privacy
  - Today
  - East Coast Code and West Coast Code
- Why Privacy Is Important
- Before You Get Started
2. Personal Data and Privacy
- Data Collection: Understanding Privacys First Frontier
- Policy Considerations
- Implementation Considerations
- Conclusion
3. Case Studies in Data Collection
- Google Street View WiFi: Inadvertent Over-Collection of Data
- iPhone Location Database
- Conclusion
4. Information Security: Protecting Data from Unauthorized Access
- InfoSec Best Practices for Privacy-Protected Systems
- Further Reading
- Conclusion
II. Access and Control: Controlling Authorized Data Access
5. Security Architecture
- Overview
- Separating Roles, Separating Powers
- Making Roles Secure
  - The End User
  - The Application Administrator
  - The System Administrator
  - The Hardware or Cloud Administrator
  - The Network Administrator
- Conclusion
6. Access Controls
- Overview
- Access-Control Models
- Types of Access
  - Basic Access
  - Discovery Access
- Managing Access
  - Role-Based Access
  - Time-Based Access, or Data Leasing
  - Functional Access
- Strengths and Weaknesses of Access Control
  - Strengths
  - Weaknesses
- Access Controls and the Fair Information Practice Principles (FIPPs)
- When to Use Access Controls
- Conclusion
7. Data Revelation
- Overview
- The Case for Data Revelation
- Requirements of Data Revelation
- Selective Revelation
- Purpose-Driven Revelation
- Scope-Driven Revelation
- Hybrid Revelation and Practical Scoping
- Designing for Data Revelation
- Strengths and Weaknesses of Data Revelation
  - Strengths
  - Weaknesses
- Data Revelation and the Fair Information Practice Principles (FIPPs)
- When to Use Data Revelation
- Conclusion
III. Oversight: Holding Users and Systems Accountable
8. Federated Systems
- Overview
- Always-On Federation
- Asynchronous Federation
- Asking Out and Being Asked
- Strengths and Weaknesses of Federated Systems
  - Strengths
  - Weaknesses
- Federated Systems and the Fair Information Practice Principles (FIPPs)
- When to Use Federated Architecture
  - Complex Regulatory Regimes
  - Lack of Trust
  - PR Imperatives
- Conclusion
9. Audit Logging
- Overview
- Why Are Audit Records Important?
- But Auditing Is Easy, Right?
- What Are the Challenges to Effective Auditing and How Do I Meet Them?
  - Perspective
  - Context
  - Format and Readability
  - Scale
  - Retrievability
  - Security
  - Access Control
  - Retention
- Audit Logging and the Fair Information Practice Principles (FIPPs)
- Advanced Auditing Considerations
  - Reactive Versus Proactive Auditing
  - Emergency Stop for Audit-Log Failures
  - Audit the Auditors
- Conclusion
10. Data Retention and Data Purging
- Overview
- What Is Data Retention?
- Why Is Data Retention Important?
- How to Set Retention and Purge Policies
- So You Want to Purge Data. Now What?
  - Nondeletion Purging (or Not-Quite-Gone)
    - Partial redaction
    - Anonymization
    - Access controls
    - Data leasing
    - Archiving
  - Deletion Purging (or Gradations of Gone)
    - Soft deletion
    - Deletion-by-encryption
    - Hard delete
    - Physical hardware destruction
- Practical Steps of Data Retention
- Data Retention, Purging, and the FIPPs
  - Designing Deletes
- Conclusion
IV. Putting It All Together
11. Practical Applications and Use Cases
- Basic Framework
- Use Case #1: Social Media Analysis
- Use Case #2: Secure Messaging
- Use Case #3: Automated License Plate Readers (ALPR)
- Conclusion
12. Enter the Privacy Engineer
- The Role of the Privacy Engineer
  - Privacy Engineers: How to Find One
    - Domain expertise
    - Practical application
    - Communication skills
    - Engineering skills
    - Tempered passion
- Avoiding Privacy Tunnel Vision
- Conclusion
13. The Future of Privacy
- The Death of Privacy
- Legal Reform
- Greater Transparency and Control
- Privacy in Plain Sight
- The Destiny of Data
- Anonymization Under Siege
- Expect the Unexpected
Index