Information Security and Privacy Quick Reference: The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer
A fast, accurate, and up-to-date desk reference for information security and privacy practitioners everywhere

Information security and privacy roles demand up-to-date knowledge coming from a seemingly countless number of sources, including several certifications—like the CISM, CIPP, and CISSP—legislation and regulations issued by state and national governments, guidance from local and industry organizations, and even international bodies, like the European Union.

The Information Security and Privacy Quick Reference: The Essential Handbook for Every CISO, CSO, and Chief Privacy Officer is an updated, convenient, and accurate desk reference for information privacy practitioners who need fast and easy access to the latest guidance, laws, and standards that apply in their field. This book is the most effective resource for information security professionals who need immediate and correct solutions to common and rarely encountered problems.

An expert team of writers—Joe Shelley, James Michael Stewart, and the bestselling technical author, Mike Chapple—draw on decades of combined technology and education experience to deliver organized and accessible coverage of:

  • Security and Privacy Foundations
  • Governance, Risk Management, and Compliance
  • Security Architecture and Design
  • Identity and Access Management
  • Data Protection and Privacy Engineering
  • Security and Privacy Incident Management
  • Network Security and Privacy Protections
  • Security Assessment and Testing
  • Endpoint and Device Security
  • Application Security
  • Cryptography Essentials
  • Physical and Environmental Security
  • Legal and Ethical Considerations
  • Threat Intelligence and Cyber Defense
  • Business Continuity and Disaster Recovery

Information Security and Privacy Quick Reference is a must-have resource for CISOs, CSOs, Chief Privacy Officers, and other information security and privacy professionals seeking a reliable, accurate, and fast way to answer the questions they encounter at work every single day.


Product Details

ISBN-13: 9781394353316
Publisher: Wiley
Publication date: 06/10/2025
Pages: 320
Product dimensions: 6.00(w) x 8.90(h) x 0.70(d)

About the Author

Mike Chapple, PhD, CISSP, CISM, CIPP/US, CIPM, and CCSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is the bestselling author of over 50 technical books. He is also the Faculty Director of the University’s Business/Computer Science program.

Joe Shelley, CIPP/US, CIPM, and Security+, is the Vice President for Libraries and Information Technology at Hamilton College in New York. He oversees the information security and privacy programs, IT risk management, business intelligence and analytics, and data governance.

James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CEI, and CFR, has been writing and training for more than 25 years, with a focus on CISSP, internet security and ethical hacking/penetration testing. He is the author of and contributor to more than 80 books on security certification, Microsoft topics, and network administration.

Table of Contents

Introduction xiii

1 Security and Privacy Foundations 1

Security 101 1

Confidentiality, Integrity, and Availability (CIA) 3

Disclosure, Alteration, and Destruction (DAD) 4

Authentication, Authorization, and Accounting (AAA) 5

Privacy in the Modern Era 6

Foundational Privacy Principles 8

Security and Privacy Frameworks 11

Security and Privacy Policies: Creation and Enforcement 14

Establishing Security Awareness Programs 16

Security Strategies 19

2 Governance, Risk Management, and Compliance 23

The Role of Governance in Security and Privacy 23

Key Regulations and Standards 26

Regulatory Compliance 29

Building and Managing a Risk Management Framework 32

Managing Third-Party Risks and Vendor Assessments 35

3 Security Architecture and Design 39

Principles of Secure Design 39

Security Operations Foundations 42

Ensuring Confidentiality, Integrity, and Availability 44

Understanding Security Models 46

Implementing Personnel Security 49

Applying Protection Mechanisms 52

System Resilience and High Availability 54

4 Identity and Access Management 57

IAM Core Concepts and Principles 57

Authentication Methods and Multifactor Authentication 60

Role-Based Access Control Versus Attribute-Based Access Control 62

Identity Federation and Single Sign-On 65

Zero Trust Architecture for IAM 68

Identity Governance Life Cycle 71

Access Control Attacks 73

5 Data Protection and Privacy Engineering 77

Data Classification and Labeling 77

Data Masking, Tokenization, and Encryption 80

Data Loss Prevention Strategies 82

Privacy by Design 85

Developing a Privacy Program 87

Cross-Border Data Transfers and Legal Implications 90

Data Subject Rights and Privacy Request Handling 93

Data Retention, Archiving, and Secure Disposal 96

6 Security and Privacy Incident Management 101

Incident Response Planning 101

Detection and Triage of Security and Privacy Incidents 104

Investigating Incidents 106

Communication Plans for Incident Response 110

Post-Incident Review and Lessons Learned 113

Privacy Breach Notifications and Regulatory Reporting 117

7 Network Security and Privacy Protections 121

Secure Network Components 121

Network Segmentation 125

System Hardening 128

Firewalls and Intrusion Detection/Prevention Systems 130

Virtual Private Networks and Secure Access Service Edge 133

Secure Wireless Network Management 136

Securing the Cloud 139

Network Monitoring 142

8 Security Assessment and Testing 145

Building a Security Assessment and Testing Program 145

Vulnerability Management 147

Understanding Security Vulnerabilities 150

Penetration Testing 153

Testing Software 155

Training and Exercises 158

9 Endpoint and Device Security 163

Endpoint Detection and Response 163

Network Device Security 166

Mobile Device Management 169

Understanding Malware 173

Malware Prevention 176

Patching and Vulnerability Remediation 178

10 Application Security 183

Secure Software Development Life Cycle 183

DevSecOps and DevOps Integration 187

Application Attacks 191

Injection Vulnerabilities 192

Authorization Vulnerabilities 194

Web Application Attacks 196

Application Security Controls 198

Coding Best Practices 201

11 Cryptography Essentials 205

Core Cryptography Concepts 205

Symmetric Cryptography 208

Asymmetric Cryptography 210

Hash Functions 213

Digital Signatures 216

Public Key Infrastructure 218

Key Management Best Practices 220

Cryptographic Attacks 222

12 Physical and Environmental Security 227

Security and Facility Design 227

Physical Access Controls and Monitoring 229

Security in Data Centers and Server Rooms 232

Environmental Controls 234

Implement and Manage Physical Security 235

13 Legal and Ethical Considerations 237

Computer Crime 238

Intellectual Property Laws 241

Software Licensing Laws 243

Import/Export Laws 244

Privacy Laws 246

Compliance 249

Ethical Considerations 250

14 Threat Intelligence and Cyber Defense 253

Threat Actors 253

Threat Vectors 256

Threat Intelligence 258

Threat Feeds 259

Threat Hunting 262

Assessing Threat Intelligence 263

Cyber Kill Chain and the MITRE ATT&CK 265

15 Business Continuity and Disaster Recovery 269

Project Scope and Planning 270

Conducting Business Impact Analysis 273

Business Continuity Planning Essentials 277

Recovery Planning Essentials 279

Disaster Recovery Strategies and Solutions 282

Testing and Simulation Exercises 284

Index 289