1st Edition

Controlling Privacy and the Use of Data Assets, Volume 1 and 2

    576 Pages 592 B/W Illustrations
    by CRC Press

    V1 - The book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. A common goal is to find the right balance between compliance, privacy requirements, and the business utility of data.

    V2 - The book will review how new and old privacy-preserving techniques can provide practical protection for data in transit, in use, and at rest. It draws on practical lessons in data integrity, trust, and data's business utility. It is based on a good understanding of, and experience with, new and old technologies and emerging trends, and on broad experience from many projects in this domain.

    Volume 1

    Introduction, Acknowledgments. About the Author. SECTION I Introduction and Vision. Chapter 1 Privacy, Risks, and Threats. Chapter 2 Trends and Evolution. Chapter 3 Best Practices, Roadmap, and Vision. SECTION II Data Confidentiality and Integrity. Chapter 4 Computing on Encrypted Data. Chapter 5 Reversible Data Protection Techniques. Chapter 6 Non-Reversible Data Protection Techniques. SECTION III Users and Authorization. Chapter 7 Access Control. Chapter 8 Zero Trust Architecture. SECTION IV Applications. Chapter 9 Applications, APIs, and Privacy by Design. Chapter 10 Machine Learning and Analytics. Chapter 11 Secure Multiparty Computing. Chapter 12 Encryption and Tokenization of International Unicode Data. Chapter 13 Blockchain and Data Lineage. SECTION V Platforms. Chapter 14 Hybrid Cloud, CASB, and SASE. Chapter 15 HSM, TPM, and Trusted Execution Environments. Chapter 16 Internet of Things. Chapter 17 Quantum Computing. Chapter 18 Summary. Appendix A Standards and Regulations. Appendix B Governance, Guidance, and Frameworks. Appendix C Data Discovery and Search. Appendix D Digital Commerce, Gamification, and AI. Appendix E Innovation and Products. Appendix F Glossary. Index.

    Volume 2

    Section 1. Vision and Best Practices. 1. Risks and Threats. 2. Opportunities and Innovation. 3. Best Practices. 4. Vision and Roadmap. Section 2. Trust and Hybrid Cloud. 5. Zero Trust and Zero-knowledge proofs. 6. Data Protection for Hybrid Cloud. 7. Web 3.0 and Data Security. Section 3. Data Quality. 8. Metadata and Provenance of Data. 9. Data Security and Quality. 10. Analytics, Data Lakes, and Federated learning. Summary. Glossary. Appendices. A. The Future of Encryption. B. Synthetic Data and differential privacy. C. API Security. D. Blockchain Security. E. Data Governance Tools.

    Biography

    Ulf Mattsson is a recognized information security and data privacy expert with a strong track record of more than two decades implementing cost-effective data security and privacy controls for global Fortune 500 institutions, including Citigroup, Goldman Sachs, GE Capital, BNY Mellon, AIG, Visa USA, Mastercard Worldwide, American Express, The Coca Cola Company, Wal-Mart, BestBuy, KOHL's, Microsoft, IBM, Informix, Sybase, Teradata, and RSA Security. He is currently the Chief Security Strategist, and was earlier the Chief Technology Officer, at Protegrity, a data security company he co-founded after working 20 years at IBM in software development. Ulf is an inventor of more than 70 issued U.S. patents in data privacy and security. Ulf is active in the information security industry as a contributor to the development of data privacy and security standards in the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) X9 for the financial industry. He is on the advisory board of directors at PACE University, NY, in the area of cloud security, is a frequent speaker at various international events and conferences, including the RSA Conference, and is the author of more than 100 in-depth professional articles and papers on data privacy and security, including IBM Journals, IEEE Xplore, ISSA Journal and ISACA Journal. Ulf holds a master's in physics in Engineering from Chalmers University of Technology in Sweden.

    Praise for the Book

    "Ulf’s experiences are applied pragmatically to where the world is today and headed in the future. The methods and systems described in the book will help any group accelerate improves and maintain data and privacy practices."

    - Brian Albertson, CRISC, CDPSE, ITIL, VP of Operations for ISACA Atlanta Chapter | IT Risk Management Execution Led, State Farm

    Ulf Mattsson's book will help distill the complexities of privacy into a concise, compact, easy-to-follow desktop reference. As privacy becomes more important to a company's operational well-being and survival, with GDPR and other privacy-related fines heading upwards to the millions and sometimes billions of dollars, security leaders, especially in small and midsized firms, are finding their swim lanes getting broader, encompassing privacy as an area of responsibility. This book will help navigate, identify gaps and provide practical examples and ideas for building a sustainable and essential privacy framework for any organization.

    - Wei Tschang, CISSP, CIPP/US, CISA, CISM, CGEIT, First VP for ISACA New York Metropolitan Chapter | Head of Information Security, Cadwalader, Wickersham, & Taft LLP

    Ulf Mattsson, whose security insights I have cherished for years, has written the book that C-levels need to read. Data’s value to an enterprise is well known, but Ulf explores how it’s also a danger. It’s a danger to the business in the hands of a cyberthief, it’s a danger to the business if it disappears (accidentally or maliciously), it’s a danger to business operations if it can’t be effectively managed, analyzed, stored and retrieved and it’s absolutely a danger to an enterprise when it hurts customers, which is what new data privacy laws are all about. Is data friend or foe? Frustratingly, it’s both. Read this book to know how to control data and stop it from controlling you.

    - Evan Schuman, Computerworld weekly columnist, Moderator for MIT Sloan Management Review events, Member, Internet Press Guild

    "Information and its usage is a massive component of the digital economy, something Ulf discusses extensively in this book. For privacy professionals looking to understand the complexities of applications at scale in this age, this book provides excellent (if not terrifying) diagrams of how modern systems work. APIs and distributed systems create value together, but that creates unique problems for those of us tasked with protecting the data driving that value. For cybersecurity professionals who want to understand more of what risk and privacy leaders are looking to solve for, this book provides crucial insight into the minds of privacy professionals as they work to apply legal and regulatory frameworks to daily operations."

    - Branden R. Williams, DBA, CISSP, CISM