Controlling Privacy and the Use of Data Assets - Volume 2 What is the New World Currency – Data or Trust?
The book will review how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. We will position techniques like Data Integrity and Ledger and will provide practical lessons in Data Integrity, Trust, and data’s business utility.
Based on a good understanding of new and old technologies, emerging trends, and a broad experience from many projects in this domain, this book will provide a unique context about the WHY (requirements and drivers), WHAT (what to do), and HOW (how to implement), as well as reviewing the current state and major forces representing challenges or driving change, what you should be trying to achieve and how you can do it, including discussions of different options. We will also discuss WHERE (in systems) and WHEN (roadmap). Unlike other general or academic texts, this book is being written to offer practical general advice, outline actionable strategies, and include templates for immediate use. It contains diagrams needed to describe the topics and Use Cases and presents current real-world issues and technological mitigation strategies. The inclusion of the risks to both owners and custodians provides a strong case for why people should care.
This book reflects the perspective of a Chief Technology Officer (CTO) and Chief Security Strategist (CSS). The Author has worked in and with startups and some of the largest organizations in the world, and this book is intended for board members, senior decision-makers, and global government policy officials—CISOs, CSOs, CPOs, CTOs, auditors, consultants, investors, and other people interested in data privacy and security. The Author also embeds a business perspective, answering the question of why this an important topic for the board, audit committee, and senior management regarding achieving business objectives, strategies, and goals and applying the risk appetite and tolerance.
The focus is on Technical Visionary Leaders, including CTO, Chief Data Officer, Chief Privacy Officer, EVP/SVP/VP of Technology, Analytics, Data Architect, Chief Information Officer, EVP/SVP/VP of I.T., Chief Information Security Officer (CISO), Chief Risk Officer, Chief Compliance Officer, Chief Security Officer (CSO), EVP/SVP/VP of Security, Risk Compliance, and Governance. It can also be interesting reading for privacy regulators, especially those in developed nations with specialist privacy oversight agencies (government departments) across their jurisdictions (e.g., federal and state levels).
Foreword – Ben Rothke, CISSP, CISM, Senior Information Security Manager, Tapad, Inc. New York, NY. Foreword – Jim Ambrosini, CISA, CRISC, CISSP Cybersecurity Consultant and CISO. Foreword – Richard Purcell, CEO, Corporate Privacy Group (former Chief Privacy. Officer, Microsoft). Acknowledgments. About the Author. Introduction. SECTION I Vision and Best Practices. Chapter 1 Risks and Threats. Chapter 2 Opportunities. Chapter 3 Best Practices. Chapter 4 Vision and Roadmap. SECTION II Trust and Hybrid Cloud. Chapter 5 Zero Trust and Hybrid Cloud. Chapter 6 Data Protection for Hybrid Cloud. Chapter 7 Web 3.0 and Data Security. SECTION III Data Quality. Chapter 8 Metadata and the Provenance of Data. Chapter 9 Data Security and Quality. Chapter 10 Analytics, Data Lakes, and Federated Learning. Chapter 11 Summary. Glossary. Appendix A: The 2030 Environment. Appendix B: Synthetic Data and Differential Privacy. Appendix C: API Security. Appendix D: Blockchain Architecture and Zero-Knowledge Proof. Appendix E: Data Governance Tools. Index.
Praise for the Book
"Ulf’s experiences are applied pragmatically to where the world is today and headed in the future. The methods and systems described in the book will help any group accelerate improves and maintain data and privacy practices."
- Brian Albertson, CRISC, CDPSE, ITIL, VP of Operations for ISACA Atlanta Chapter | IT Risk Management Execution Led, State Farm
Ulf Mattssons's book will help distill the complexities of privacy into a concise, compact, easy-to-follow desktop reference. As privacy becomes more important to a company's operational well-being and survival, with GDPR and other privacy-related fines heading upwards to the millions and sometimes billions of dollars, security leaders, especially in small and midsized firms, are finding their swim lanes getting broader, encompassing privacy as an area of responsibility. This book will help navigate, identify gaps and provide practical examples and ideas for building a sustainable and essential privacy framework for any organization.
- Wei Tschang, CISSP, CIPP/US, CISA, CISM, CGEIT, First VP for ISACA New York Metropolitan Chapter | Head of Information Security, Cadwalader, Wickersham, & Taft LLP
Ulf Mattson, whose security insights I have cherished for years, has written the book that C-levels need to read. Data’s value to an enterprise is well known, but Ulf explores how it’s also a danger. It’s a danger to the business in the hands of a cyberthief, it’s a danger to the business if it disappears (accidentally or maliciously), it’s a danger to business operations if it can’t be effectively managed, analyzed, stored and retrieved and it’s absolutely a danger to an enterprise when it hurts customers, which is what new data privacy laws are all about. Is data friend or foe? Frustratingly, it’s both. Read this book to know how to control data and stop it from controlling you.
- Evan Schuman, Computerworld weekly columnist, Moderator for MIT Sloan Management Review events, Member, Internet Press Guild
"Information and its usage is a massive component of the digital economy, something Ulf discusses extensively in this book. For privacy professionals looking to understand the complexities of applications at scale in this age, this book provides excellent (if not terrifying) diagrams of how modern systems work. APIs and distributed systems create value together, but that creates unique problems for those of us tasked with protecting the data driving that value. For cybersecurity professionals who want to understand more of what risk and privacy leaders are looking to solve for, this book provides crucial insight into the minds of privacy professionals as they work to apply legal and regulatory frameworks to daily operations."
- Branden R. Williams, DBA, CISSP, CISM