Information Privacy Engineering and Privacy by Design
Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices

About the Book

The Comprehensive Guide to Engineering and Implementing Privacy Best Practices

As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems.

In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities—addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.

  • Review privacy-related essentials of information security and cryptography
  • Understand the concepts of privacy by design and privacy engineering
  • Use modern system access controls and security countermeasures to partially satisfy privacy requirements
  • Enforce database privacy via anonymization and de-identification
  • Prevent data losses and breaches
  • Address privacy issues related to cloud computing and IoT
  • Establish effective information privacy management, from governance and culture to audits and impact assessment
  • Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act

This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.

Table of Contents:
Preface

PART I: OVERVIEW

Chapter 1: Security and Cryptography Concepts
  1.1 Cybersecurity, Information Security, and Network Security
    Security Objectives
    The Challenges of Information Security
  1.2 Security Attacks
    Passive Attacks
    Active Attacks
  1.3 Security Services
    Authentication
    Access Control
    Data Confidentiality
    Data Integrity
    Nonrepudiation
    Availability Service
  1.4 Security Mechanisms
  1.5 Cryptographic Algorithms
    Keyless Algorithms
    Single-Key Algorithms
    Two-Key Algorithms
  1.6 Symmetric Encryption
  1.7 Asymmetric Encryption
  1.8 Cryptographic Hash Functions
  1.9 Digital Signatures
  1.10 Practical Considerations
    Selection of Cryptographic Algorithms and Key Lengths
    Implementation Considerations
    Lightweight Cryptographic Algorithms
    Post-Quantum Cryptographic Algorithms
  1.11 Public-Key Infrastructure
    Public-Key Certificates
    PKI Architecture
  1.12 Network Security
    Communications Security
    Device Security
  1.13 Key Terms and Review Questions
    Key Terms
    Review Questions
  1.14 References

Chapter 2: Information Privacy Concepts
  2.1 Key Privacy Terminology
  2.2 Privacy by Design
    Privacy by Design Principles
    Requirements and Policy Development
    Privacy Risk Assessment
    Privacy and Security Control Selection
    Privacy Program and Integration Plan
  2.3 Privacy Engineering
    Privacy Implementation
    System Integration
    Privacy Testing and Evaluation
    Privacy Auditing and Incident Response
  2.4 Privacy and Security
    Areas of Overlap Between Security and Privacy
    Trade-Offs Between Security and Privacy
  2.5 Privacy Versus Utility
  2.6 Usable Privacy
    Users of Privacy Services and Functions
    Usability and Utility
  2.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  2.8 References

PART II: PRIVACY REQUIREMENTS AND THREATS

Chapter 3: Information Privacy Requirements and Guidelines
  3.1 Personally Identifiable Information and Personal Data
    Sources of PII
    Sensitivity of PII
  3.2 Personal Information That Is Not PII
  3.3 Fair Information Practice Principles
  3.4 Privacy Regulations
    European Union
    U.S. Privacy Laws and Regulations
  3.5 Privacy Standards
    International Organization for Standardization (ISO)
    National Institute of Standards and Technology
  3.6 Privacy Best Practices
    Information Security Forum (ISF)
    Cloud Security Alliance (CSA)
  3.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  3.8 References

Chapter 4: Information Privacy Threats and Vulnerabilities
  4.1 The Evolving Threat Environment
    Overall Impact of Advances in Technology
    Repurposing Collected Data
    Means of Collection of PII
  4.2 Privacy Threat Taxonomy
    Information Collection
    Information Processing
    Information Dissemination
    Invasions
  4.3 NIST Threat Model
  4.4 Threat Sources
  4.5 Identifying Threats
  4.6 Privacy Vulnerabilities
    Vulnerability Categories
    Location of Privacy Vulnerabilities
    National Vulnerability Database and Common Vulnerability Scoring System
  4.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  4.8 References

PART III: TECHNICAL SECURITY CONTROLS FOR PRIVACY

Chapter 5: System Access
  5.1 System Access Concepts
    Privileges
    System Access Functions
    Privacy Considerations for System Access
  5.2 Authorization
    Privacy Authorization
  5.3 User Authentication
    Means of Authentication
    Multifactor Authentication
    A Model for Electronic User Authentication
  5.4 Access Control
    Subjects, Objects, and Access Rights
    Access Control Policies
    Discretionary Access Control
    Role-Based Access Control
    Attribute-Based Access Control
  5.5 Identity and Access Management
    IAM Architecture
    Federated Identity Management
  5.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  5.7 Reference

Chapter 6: Malicious Software and Intruders
  6.1 Malware Protection Activities
    Types of Malware
    The Nature of the Malware Threat
    Practical Malware Protection
  6.2 Malware Protection Software
    Capabilities of Malware Protection Software
    Managing Malware Protection Software
  6.3 Firewalls
    Firewall Characteristics
    Types of Firewalls
    Next-Generation Firewalls
    DMZ Networks
    The Modern IT Perimeter
  6.4 Intrusion Detection
    Basic Intrusion Detection Principles
    Approaches to Intrusion Detection
    Host-Based Intrusion Detection Techniques
    Network-Based Intrusion Detection Systems
    IDS Best Practices
  6.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  6.6 References

PART IV: PRIVACY ENHANCING TECHNOLOGIES

Chapter 7: Privacy in Databases
  7.1 Basic Concepts
    Personal Data Attributes
    Types of Data Files
  7.2 Re-Identification Attacks
    Types of Attacks
    Potential Attackers
    Disclosure Risks
    Applicability to Privacy Threats
  7.3 De-Identification of Direct Identifiers
    Anonymization
    Pseudonymization
  7.4 De-Identification of Quasi-Identifiers in Microdata Files
    Privacy-Preserving Data Publishing
    Disclosure Risk Versus Data Utility
    PPDP Techniques
  7.5 K-Anonymity, L-Diversity, and T-Closeness
    K-Anonymity
    L-Diversity
    T-Closeness
  7.6 Summary Table Protection
    Frequency Tables
    Magnitude Tables
  7.7 Privacy in Queryable Databases
    Privacy Threats
    Protecting Queryable Databases
  7.8 Key Terms and Review Questions
    Key Terms
    Review Questions
  7.9 References

Chapter 8: Online Privacy
  8.1 The Online Ecosystem for Personal Data
  8.2 Web Security and Privacy
    Web Server Security and Privacy
    Web Application Security and Privacy
    Web Browser Security and Privacy
  8.3 Mobile App Security
    Mobile Ecosystem
    Mobile Device Vulnerabilities
    BYOD Policies
    Mobile Application Vetting
    Resources for Mobile Device Security
  8.4 Online Privacy Threats
    Web Application Privacy
    Mobile App Privacy
  8.5 Online Privacy Requirements
    Online Privacy Principles
    Online Privacy Framework
    Simplified Consumer Choice
    Transparency of Data Practices
  8.6 Privacy Notices
    Notice Requirements
    Notice Content
    Notice Structure
    Mobile App Privacy Notices
    Privacy Notice Design Space
  8.7 Tracking
    Cookies
    Other Tracking Technologies
    Do Not Track
  8.8 Key Terms and Review Questions
    Key Terms
    Review Questions
  8.9 References

Chapter 9: Other PET Topics
  9.1 Data Loss Prevention
    Data Classification and Identification
    Data States
    DLP for Email
    DLP Model
  9.2 The Internet of Things
    Things on the Internet of Things
    Components of IoT-Enabled Things
    IoT and Cloud Context
  9.3 IoT Security
    IoT Device Capabilities
    Security Challenges of the IoT Ecosystem
    IoT Security Objectives
  9.4 IoT Privacy
    An IoT Model
    Privacy Engineering Objectives and Risks
    Challenges for Organizations
  9.5 Cloud Computing
    Cloud Computing Elements
    Threats for Cloud Service Users
  9.6 Cloud Privacy
    Data Collection
    Storage
    Sharing and Processing
    Deletion
  9.7 Key Terms and Review Questions
    Key Terms
    Review Questions
  9.8 References

PART V: INFORMATION PRIVACY MANAGEMENT

Chapter 10: Information Privacy Governance and Management
  10.1 Information Security Governance
    Information Security Management System
    Information Security Governance Concepts
    Security Governance Components
    Integration with Enterprise Architecture
    Policies and Guidance
  10.2 Information Privacy Governance
    Information Privacy Roles
    The Privacy Program Plan
  10.3 Information Privacy Management
    Key Areas of Privacy Management
    Privacy Planning
    Privacy Policy
  10.4 OASIS Privacy Management Reference Model
    Privacy Management Reference Model and Methodology (PMRM)
    Privacy by Design Documentation for Software Engineers
  10.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  10.6 Reference

Chapter 11: Risk Management and Privacy Impact Assessment
  11.1 Risk Assessment
    Risk Assessment Process
    Risk Assessment Challenges
    Quantitative Risk Assessment
    Qualitative Risk Assessment
  11.2 Risk Management
    NIST Risk Management Framework
    ISO 27005: Information Security Risk Management
    Risk Evaluation
    Risk Treatment
  11.3 Privacy Risk Assessment
    Privacy Impact
    Likelihood
    Assessing Privacy Risk
  11.4 Privacy Impact Assessment
    Privacy Threshold Analysis
    Preparing for a PIA
    Identify PII Information Flows
    Identify Potential User Behavior
    Determine Relevant Privacy Safeguarding Requirements
    Assess Privacy Risk
    Determine Risk Treatment
    The PIA Report
    Implement Risk Treatment
    Review/Audit Implementation
    Examples
  11.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  11.6 References

Chapter 12: Privacy Awareness, Training, and Education
  12.1 Information Privacy Awareness
    Awareness Topics
    Awareness Program Communication Materials
    Awareness Program Evaluation
  12.2 Privacy Training and Education
    Cybersecurity Essentials
    Role-Based Training
    Education and Certification
  12.3 Acceptable Use Policies
    Information Security Acceptable Use Policy
    PII Acceptable Use Policy
  12.4 Key Terms and Review Questions
    Key Terms
    Review Questions
  12.5 References

Chapter 13: Event Monitoring, Auditing, and Incident Response
  13.1 Event Monitoring
    Security Event Logging
    Security Event Management
    Event Logging Related to PII
  13.2 Information Security Auditing
    Data to Collect for Auditing
    Internal and External Audits
    Security Audit Controls
  13.3 Information Privacy Auditing
    Privacy Audit Checklist
    Privacy Controls
  13.4 Privacy Incident Management and Response
    Objectives of Privacy Incident Management
    Privacy Incident Response Team
    Preparing for Privacy Incident Response
    Detection and Analysis
    Containment, Eradication, and Recovery
    Notification to Affected Individuals
    Post-Incident Activity
  13.5 Key Terms and Review Questions
    Key Terms
    Review Questions
  13.6 References

PART VI: LEGAL AND REGULATORY REQUIREMENTS

Chapter 14: The EU General Data Protection Regulation
  14.1 Key Roles and Terms in the GDPR
  14.2 Structure of the GDPR
  14.3 GDPR Objectives and Scope
    Objectives
    Scope of the GDPR
  14.4 GDPR Principles
    Fairness
    Lawful
    Transparency
  14.5 Restrictions on Certain Types of Personal Data
    Children’s Personal Data
    Special Categories of Personal Data
  14.6 Rights of the Data Subject
  14.7 Controller, Processor, and Data Protection Officer
    Data Protection by Design and Default
    Records of Processing Activities
    Security of Processing
    Data Protection Officer
  14.8 Data Protection Impact Assessment
    Risk and High Risk
    Determining Whether a DPIA Is Needed
    DPIA Process
    GDPR Requirements
    Criteria for an Acceptable DPIA
  14.9 Key Terms and Review Questions
    Key Terms
    Review Questions
  14.10 References

Chapter 15: U.S. Privacy Laws
  15.1 A Survey of Federal U.S. Privacy Laws
  15.2 Health Insurance Portability and Accountability Act
    HIPAA Overview
    HIPAA Privacy Rule
  15.3 Health Information Technology for Economic and Clinical Health Act
    Breach Notification
    Encryption of PHI
    Data Destruction
  15.4 Children’s Online Privacy Protection Act
    General Provisions
    The COPPA Final Rule
  15.5 California Consumer Privacy Act
    Basic Concepts
    Rights of Consumers
    Comparison with the GDPR
  15.6 Key Terms and Review Questions
    Key Terms
    Review Questions
  15.7 References

Index
Appendix (Online Only): Answers to Review Questions

About the Author:
Dr. William Stallings has made a unique contribution to understanding the broad sweep of technical developments in computer security, computer networking, and computer architecture. He has authored 18 textbooks and, counting revised editions, a total of 70 books on various aspects of these subjects. His writings have appeared in numerous ACM and IEEE publications, including the Proceedings of the IEEE and ACM Computing Reviews. He has 13 times received the award for the best computer science textbook of the year from the Text and Academic Authors Association. With more than 30 years in the field, he has been a technical contributor, a technical manager, and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. Currently he is an independent consultant whose clients have included computer and networking manufacturers and customers, software development firms, and leading-edge government research institutions. He created and maintains the Computer Science Student Resource Site, at computersciencestudent.com. This site provides documents and links on a variety of subjects of general interest to computer science students and professionals. He is a member of the editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology. Dr. Stallings holds a PhD from M.I.T. in Computer Science and a B.S. from Notre Dame in electrical engineering.


Product Details
  • ISBN-13: 9780135278369
  • Publisher: Pearson Education (US)
  • Publisher Imprint: Addison Wesley
  • Language: English
  • Sub Title: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices
  • ISBN-10: 0135278368
  • Publisher Date: 28 May 2019
  • Binding: Digital download
  • No of Pages: 528

