Controlling Privacy and the Use of Data Assets - Volume 2: What is the New World Currency – Data or Trust?



This book is the original edition and is not in Persian.




Description of the book Controlling Privacy and the Use of Data Assets - Volume 2: What is the New World Currency – Data or Trust?

Book title: Controlling Privacy and the Use of Data Assets - Volume 2: What is the New World Currency – Data or Trust?
Title translated into Persian: کنترل حریم خصوصی و استفاده از دارایی های داده - جلد 2: ارز جدید جهانی چیست - داده یا اعتماد؟
Series: Internal Audit and IT Audit
Authors:
Publisher: CRC Press
Year of publication: 2023
Number of pages: 318
ISBN: 103218518X, 9781032185187
Language: English
Format: pdf
File size: 13 MB





Table of contents:


Cover
Endorsement Page
Half Title
Series Page
Title Page
Copyright Page
Dedication
Table of Contents
Foreword – Ben Rothke, CISSP, CISM, Senior Information Security Manager, Tapad, Inc., New York, NY
Foreword – Jim Ambrosini, CISA, CRISC, CISSP Cybersecurity Consultant and CISO
Foreword – Richard Purcell, CEO, Corporate Privacy Group (former Chief Privacy Officer, Microsoft)
Acknowledgments
About the Author
Introduction
Who Should Read this Book
Why is Volume 2 of this Book Needed
How to Read this Book
Discussions about Trust in User, Apps, and Data
The Future of Data Privacy Technologies
Requirements, Use Cases, and Business Values
Discussions about System Capabilities
Section I: Vision and Best Practices
Chapter 1: Risks and Threats
Introduction
A Lack of Trust
Data Privacy
Privacy Becomes Mission Critical
The Threat Landscape
Threat for Businesses
Ransomware
Prevent Attacks
Data Security for Hybrid Cloud
Data Breaches
Insider Threat
Spectre-Class Vulnerabilities
Trends in Data Breaches
Prevent Attacks
Ransomware
Threat Landscape
Hacktivist
Ransomware
Ransomware-as-a-Service (RaaS)
Implications for Cyber Insurance
One in Seven Ransomware Extortion Attempts Leak Key Operational Tech Records
Misconfiguring a Cloud Database
Steal Data during Homomorphic Encryption
Crypto Crime Trends
DeFi Has Continued to Grow
Changing Drivers for Increased Cybersecurity Spending
Risk Reduction Is Still the Top Driver
Future of the SOC
Forces Shaping Modern Security Operations
Data Breach Response
Why This Is Important
Notes
Chapter 2: Opportunities
Introduction
Innovation
The Innovator’s Dilemma
Companies Often Fall into Comfortable Boxes
Privacy-Preserving Technology (PET) Is Evolving
Improve Business Usability
How Regulatory Frameworks Drive Technological Innovations
Regulation May Not Hinder Innovation
Regulations Help Innovation
GDPR Drives New Protection Techniques
Openness or Competition in Product Markets Provides Innovation
Innovation in Telecommunication
Growth in Patents
US Patent Filings in the Area of Granular Data Protection
Understand Regulation/Technology Linkages and Technology-Driving Approaches
Compliance Gives Enterprises an Assurance
Complex Regulation-Technology Relations
Innovation and New Initiatives in Cybersecurity Spending
Examining Your Innovation Portfolio
Innovation Stages
Basic Innovation Stages
Experimental Approaches
Combining Iterative and Experimental Approaches
Managing Innovation and Evolution
Innovation Management Maturity
Innovation Management Maturity Model
Emphasis on the Six Dimensions
The Opportunity
Opportunities in Security
Data Cataloging for Data Governance
Enterprises Are Collecting More Data, but Do They Know What To Do With It?
Worldwide Global Enterprise Data
From Big to Small and Wide Data
Notes
Chapter 3: Best Practices
Introduction
Use Cases
Use Cases Definitions
Use Cases Common Challenges
Use Cases Business Value Add
Use Cases Technical Value Add
The Future of Data Privacy
Example of Simple Steps to Find and Protect Data
What Regulations and Guidance Do You Need to Implement?
For Example, for GDPR, These Steps to Implement Data Security Could Be Followed
I Start to Scan Data Stores and Applications for Data That Need to Be Protected
I Chose a Protection Technique for Different Types of Data
Today’s Modern Data Protection Needs
Trends in Control of Data
More Data Is Outside Corporate Control
What Can We Do?
Data-at-Rest Encryption Only Does Not Provide Enough Protection from Data Theft
Trends in Data Protection integration
Confluence of Data Security Controls
DSP Future State
Cybersecurity Mesh
API Management
People and Process
Data Security Governance (DSG)
Privacy
Infonomics
Data Discovery and Classification
Data Masking
Database Encryption (Field/Record)
Tokenization
Full Disk Encryption
File Encryption
Enterprise Key Management (EKM) and Secret Management
Privacy-Enhancing Computation (PEC) Techniques
Spending on Data Protection
How to Enhance Maturity
Current State
Gap Analysis and Interdependencies
Organizational Silos and Existing Investments
Semantic Sensitive-data Visibility and Control
Composable Architecture
Paradigm Shift from Need-to-Know to Need-to-Share
Streamline Your Current Data-centric Security Architecture
Data Security State
Data Security Current State
Data Security Future State
Data Silos
The Convergence Is Continuing
Data Lineage, Provenance, and Catalogs
Catalogs
Best-in-Class Companies
Impact of Privacy Laws by Region
Technologies That Help Operationalize Privacy
Converging Platforms
Hyperconverged Data Security Platform (HDSP)
Privacy Impact Assessment
Life Cycle API Management
Life Cycle Application Programming Interface (API) Management
Encrypting and Linking Transactions
A Strategic Roadmap for Data Security Platforms
Summary
Notes
Chapter 4: Vision and Roadmap
Introduction
Data Growth
Estimated Terabytes of Data Worldwide, 2019–2024
Reframing Security
Reframing the Security Practice
Rethinking Technology
Technologies That Help Operationalize Privacy
Enterprise Low-Code Application Platforms
Summary
Notes
Section II: Trust and Hybrid Cloud
Chapter 5: Zero Trust and Hybrid Cloud
Introduction
What Is Zero Trust?
ZTA is a Security Plan
ZT Network Access (Software Defined Perimeter)
Secure Access Service Edge (SASE)
Secure Access Service Edge (details)
Positioning of ZTA
Zero Trust Architecture
Traditional Perimeter Shortcomings
Steps to Build a Zero Trust Model
Tenets of Zero Trust Architecture
Logical Components of Zero Trust Architecture
Shortcomings Identity security Current state
Policy
Policy Engine (PE)
Policy Administrator (PA)
Role-Based Policy Enforcement
Policy-Based Enforcement
Shortcomings Identity Security Current State
Drivers
Secure Access Service Edge (SASE)
Why This Is Important
Firewall as a Service (FWaaS)
Cloud Web Application and API Protection (WAAP)
Sovereign Cloud
Why This Is Important
Zero Trust is the First Step to Gartner’s CARTA
Shortcomings Identity Security Current State Steps to Build Gartner’s CARTA
Policy
Open Policy Agent
NSTAC, Zero Trust, and NIST 800-207
Microsegmentation Is Essential for Zero Trust Private Networks
Remote Workforce Security and Ease of Use
Zero Trust Maturity Model
Zero Trust Maturity Model using Three Stages
Pillar #5 Data
Zero Trust Maturity Model Stages and Descriptions
Zero Trust Maturity Model Summary
Zero Trust Maturity Model for Data
Technologies for Data Privacy in ZTA
Migrating to Public Cloud
Data Security for Hybrid Cloud
Easier Segmentation That Starts with a Map
Vendors for Zero Trust Network Access
Market Direction
Private Set Intersection
Summary
Notes
Chapter 6: Data Protection for Hybrid Cloud
Introduction
Use Cases for Data Use and Data Sharing
Healthcare Use Cases
Financial Services Use Cases for Data Use
Financial Services Use Cases Data Generation
Confidence in the Cloud Continues to Grow
Immutable Infrastructure
Drivers
Container and Kubernetes Security
Drivers
User Recommendations
Cloud Security Posture Management
Enterprise Key Management
Drivers
Obstacles
Mitigate Data Security and Privacy Risks
Identity-based Segmentation
Drivers
Obstacles
Practical Guidance for Cloud Computing
NIST Cloud Computing Reference Architecture
Assessing the Risks
Five Sub-Steps for Data Residency Management
Security in the Cloud Service Agreements
Critical Controls for SaaS
Data Encryption
Healthcare Standards
Cloud Databases
Mistakes in Multi-Cloud Environments
Top Three Mistakes in Multi-Cloud Environments
Hybrid Cloud
DataBase Proxy
Summary of Keys to Success
Security for Cloud Computing
A Cloud Security Assessment to assess the security capabilities of cloud providers
Architecture for Encryption as a Service
Data in the Cloud
Policy and Enforcement
Key Management
Enterprisewide Encryption Key Management (EKM)
Key Management Administration
Bring Your Own Key
Data Security Governance
Cloud Key Management
Keys, Key Versions, and Key Rings
Key Hierarchy
Cloud KMS Platform Overview
Cloud KMS Platform Architectural Details
Master Keys
Data Residency
Random Number Generation and Entropy
Cloud KMS HSM Backend: HARDWARE Protection Level
Cavium HSMs
HSM Key Hierarchy
Datastore Protection
Cloud KMS: Key Import
Lifecycle of a Request
Cloud Access Security Brokers (CASBs)
Platforms
Summary
Notes
Chapter 7: Web 3.0 and Data Security
Introduction
Oracle Contracts
Security Tools Embedded in the Smart Contract Development Life Cycle (DevSecOps)
Smart Contract Development Lifecycle
Secure Smart Contract Development Lifecycle (SSCDL)
Private Data and Removal of Peers
A Distributed Hash Table (DHT)
Web
History of the Web
What Are dApps and Web3 apps?
Distributed Tables
Kademlia Is a Distributed Hash Table
Blockchain-Based Applications
Smart Contracts of Web3 apps
Ethereum JavaScript API
Dapp With Web3.js
Clients
Different Implementations
OpenEthereum
Overview of Strategies
What Are Nodes and Clients?
Decentralized Applications (DApps)
Smart Contracts and DeFi
DApps and Web3
Decentralized Finance (DeFi)
NAP—A True Cross-blockchain Token
Web3 Storage
IPFS
Storj
Blockchains in the Quantum Era
Storing Private Keys
Summary
Notes
Section III: Data Quality
Chapter 8: Metadata and The Provenance of Data
Introduction
Data Classification
Discover, Understand, and Leverage All Your Enterprise Data
Why You Need a Catalog of Catalogs?
Data Intelligence
A Data Marketplace
Data Monetization
Build a Metadata Repository
Sensitive Data Mapping
Discovering and Understanding Relevant Data
AI and Data Lineage
Cloud Modernization
Customer Experience
Change Management and Impact Analysis
Operational Efficiency
Data Security
Data Governance
An AI-Powered Data Catalog
Essential Capabilities
Data Mesh
Layers
Consent and Preference Management Platforms
Why This Is Important
Metadata
Some Vendors
Alibaba Cloud
AWS
Azure
Google Cloud
IBM
The Provenance of Data
Provenance Sketches
Matrix Filter
SPADE’s Use of Matrix Filters
Differentially Private Synthetic Data
Use Cases and Utility
Differentially Private Synthetic Data
Generating Synthetic Data
Software Tools: Marginal Distributions
Data Sanitization
Summary
Notes
Chapter 9: Data Security and Quality
Introduction
Data Quality Models
Cell-Oriented General-Purpose Models
Attribute-Oriented General-Purpose Models
Record-Oriented General-Purpose Models
Entropy-Based Model: This Model Has Been Proposed Here
Transformation Models
Data Quality
Data Quality Solutions
Storing Data
Distributed File Systems and Object Storage
Data Fabric
Data Governance in Support of Data Mesh
Privacy-Enhancing Computation
ARX Data Anonymization Tool
k-Anonymity
k-Map
Average Risk
Population Uniqueness
Sample Uniqueness
ℓ-Diversity
t-Closeness
δ-Disclosure Privacy
β-Likeness
δ-Presence
Profitability
Differential Privacy
Production Data
Nonproduction Data
Data Warehousing and Analytics
Data Sharing and Publishing
Regulatory Compliance
Use Tokenization and Format-preserving Encryption
Data Field Secrecy, Privacy, and Utility
Data Deidentification Architecture Choices
Static Data Masking
Tokenization and FPE Designs Can Be Implemented in Several Ways
Design with Deidentification Limits in Mind
Choose the Right Fields and Techniques to Protect Them
The Science of Reidentifying Data
Attacks on Privacy
Deidentification Technique Choices
Secure Multiparty Computation (SMPC)
Barriers
Homomorphic Encryption (HE)
Reason This Is Relevant
Operational Impact
Requirements
Barriers
Guidance
Summary
Notes
Chapter 10: Analytics, Data Lakes, and Federated Learning
Introduction
Use Cases for Data Analytics
Financial Services Use Cases for Data Analytics and Data Sharing
Healthcare Use Cases for Data Generation and Data Analytics
Data and Analytics (D&A)
Risks
Auto Anonymization
Auto Anonymization Based on ML
Big Data and Analytics
Cloud Customer Architecture for Big Data and Analytics
Data Lake Architecture
Best Practices
Data Governance
Data Catalog
A Data Fabric
Data and Governance
Data Governance
Data Quality
Data Catalog
Data Security
Data Sharing
Design Patterns for Security
Auditing
Access and Authorization Controls
Sharing by Reference
Federated Learning
Summary
Notes
Chapter 11: Summary
Glossary
Notes
Appendix A: The 2030 Environment
Introduction
Some Eras in Data Security
Quantum Computing and Quantum Cryptography
Any major breakthroughs
Quantum
Threat Solution Summary
Data Protection Inventory Fields
Testing
Quantum Threat and Project
Summary
Notes
Appendix B: Synthetic Data and Differential Privacy
Introduction
Synthetic Data
Generating Microdata Artificially
Randomization Techniques
General
Noise Addition
Permutation
Microaggregation
Sampling
Disruptions using Technology Innovation
Synthetic Data in A.I.
Description
Benefits and Uses
Benefits
Risks
Alternatives
Synthesizing Data
A Broad Definition of PETs
Differential privacy
Summary
Notes
Appendix C: API Security
Introduction
What You Need to Do to Protect Your APIs
Recommendations
Adopt a Continuous Approach to API Security
Use a Distributed Enforcement Model to Protect APIs across Your Entire
Confidence in Cloud Continues to Grow
Obstacles
APIs Are the Mechanism for Data Access
What Mechanisms Do You Use to Document and Inventory Your API?
Best Practices for API Discovery and Cataloging
Security Testing
Best Practices for Security Testing Include
API Mediation and Architecture
Best Practices for API Mediation and Architecture Include
Data Security
Best Practices for Data Security Include
Best Practices for Authentication and Authorization Include
Immutable Infrastructure
Summary
Notes
Appendix D: Blockchain Architecture and Zero-Knowledge Proof
Introduction
Reduce Operational Costs and Friction
Cloud Customer Architecture for Blockchain
Blockchain Basics
High-Level View of a Blockchain
Components of a Blockchain
Runtime Flow
Security
Decentralized Identity (DCI)
Zero-knowledge Proofs (ZKPs)
How Blockchain Technology Works–Asymmetric Encryption
Overview of a Blockchain–Workflow
Sharding and Pruning
Security Risks to Blockchain Ecosystems
Problem Areas
Problem Area 1
Challenge–Smart Contract Security
Challenge–Consensus Protocol Security
Solution Areas
Secure Transaction Ledgers
A Zero-knowledge Proof Requires Three Properties
Applications
SNARKs vs STARKs
SNARKs
STARKs
Smart Contracts Marketplace
Blockchain with Private Data
Running Medical Studies
Detecting Insurance Fraud
Solution
Data Encrypted with Multiple Keys
Secure Multiparty Computation
Data Encrypted with Their Own Secret Key
Smart Contracts
Business Objectives of Smart Contract
Who Are Your End Users?
Does Your Smart Contract Transact Currency?
Does Your Smart Contract Transfer Asset Titles?
Smart Contract Layer’s Interaction with Other Architectural Layers
Hyperledger Frameworks Supporting Smart Contracts
Threat Modeling
What Is Threat Modeling?
Why Create a Threat Model?
Threat Modeling Basics
Define Business Objectives/Requirements
Define the Scope of Threat Model Coverage
Identify Weaknesses, Vulnerabilities, and Threats
Analyze risk and impact
Be Aware of Blockchain Properties
Common Hyperledger Smart Contract Security Patterns and Vulnerabilities
A Closer Look at Two of the Vulnerabilities:
#1 Updates Using Rich Queries – Also Referred to as “Range Query Risk”
Countermeasures
#2 Pseudorandom Number Generator
Countermeasures
Centralized Oracles
I.B.M.’s Blockchain-Based Vaccine Passport
Summary
Notes
Appendix E: Data Governance Tools
Introduction
Risk Assessment
Data Risk Assessment
Operational Relevance
Requirements
Barriers
Risks Assessment
Financial Data Risk Assessment (FinDRA)
Requirements
Barriers
Privacy Impact Assessments (PIAs)
Requirements
Barriers
Guidance
Framework to Balance Business Needs and Risks
Recommendations
Data Classification
Impact
Requirements
Barriers
Privacy Management Tools
Importance
Operational Impact
Barriers
Guidance
Ensuring Protection of Your Data
Encryption Complexity
Measure Risk
Measure Re-Identification Risk in Structured Data
Popular Features
Risk Tools
Subject Rights Requests (SRRs)
Why This Is Important
Summary
Notes
Index



