Dennedy / Fox / Finneran | The Privacy Engineer’s Companion | Buch | 978-1-4842-3705-2 | www.sack.de

Buch, Englisch, 276 Seiten, Book, Format (B × H): 210 mm x 279 mm

Dennedy / Fox / Finneran

The Privacy Engineer’s Companion

A Workbook of Guidance, Tools, Methodologies, and Templates
1. Auflage 2020
ISBN: 978-1-4842-3705-2
Verlag: Apress

A Workbook of Guidance, Tools, Methodologies, and Templates

Buch, Englisch, 276 Seiten, Book, Format (B × H): 210 mm x 279 mm

ISBN: 978-1-4842-3705-2
Verlag: Apress

Engineer privacy into software, systems, and applications. This book is a resource for developers, engineers, architects, and coders. It provides tools, methodologies, templates, worksheets, and guidance on engineering privacy into software—from ideation to release and beyond—for technologies, products, systems, solutions, and applications. This book can be used in conjunction with the ApressOpen bestseller,  The Privacy Engineer’s Manifesto . This book trains and equips users to engage in their own privacy scoping requirements workshops, write privacy use cases or “stories” for agile development, document UI privacy patterns, conduct assessments, and align with product and information security teams. And, perhaps most importantly, the book brings clarity to a vitally important need—the protection of personal information—that is often shrouded in mystery during the engineering process. Go from policy to code to QA to value, all within these pages.           What You Will Learn Think of the Fair Information Principles as actionable, normative statements Decode privacy into functional requirements that can be designed and coded Prepare and conduct a privacy scoping requirements workshop Translate privacy requirements into usable stories for agile development Guide user interface designers in creating privacy controls and interfaces Access software, systems, applications, and apps to see if the necessary privacy controls are in place Create privacy engineering documentation (such as data flow diagrams and privacy impact assessments) so that tribal lore is translated into institutional knowledge Access and ready the enterprise to support privacy engineering  Who This Book Is For Serves multiple stakeholders, including those involved in architecting, designing, developing, deploying, and reviewing systems, products, processes, applications, and apps that process personal information. This workbook will appeal to software/hardware engineers, technical program and product managers, support and sales engineers, system integrators, IT professionals, lawyers, and information privacy and security professionals.
Dennedy / Fox / Finneran The Privacy Engineer’s Companion jetzt bestellen!

Zielgruppe

Professional/practitioner

Autoren/Hrsg.

Dennedy, Michelle Finneran
Fox, Jonathan
Finneran, Thomas
Bobbitt, Lisa
Guel, Michele

Fachgebiete

Weitere Infos & Material

Section 1: Privacy Engineering is Process, Data, and Innovation CentricIntroductionCharacteristics of Privacy EngineeringPrivacy Engineering is Process-CentricPrivacy Engineering is Data-Centric Privacy Engineering is Innovation-Centric Privacy Engineering builds on PbDTMWorkbook Use Case: MyCareerStagesConclusion Section 2: The Six Steps of the Privacy Engineering Process The Aha! Moment Step 1:  Identifying the Enterprise & User GoalsStep 3:  Mapping Requirements  to Offering/Data ProcessesStep 4:  Embedding Privacy through Training, Processes and Technology  Step 5:  Verifying Privacy Requirements are Met – Quality AssuranceStep 6:  If any changes (and there is always change), go back to Step 1  Conclusion    Section 3: Privacy Engineering Implementation Best Practices Practice 1:  Establish A Privacy Aware EnterprisePractice 2:  Document User Goals with Privacy Aware Use Case(s)Practice 3:  Build and Maintain Your Enterprise Privacy PolicyPractice 4:  Embed Privacy Engineering into Your Existing Development and Operational LifecyclePractice 5:  Build Privacy Requirements into Privacy User Stories  Practice 6:  Embed Privacy Controls via Privacy Enhancing Processes and Technologies  Practice 7:  Embed Privacy Awareness and Transparency into the Organization  Practice 8:  Managing Data with Operationalized  Governance, Protection and  Privacy  Practice 9:  Gathering Requirements and Planning a Privacy Requirements Workshop  Conclusion   Section 4: Workbook Use Case Details  Epic 1:  MyJobsFuture  Epic 2:  MyRecruitingPlaceEpic 3:  MyCareerStages  My FutureJobsRUs Privacy Statement/PolicyConclusion Section 5: Exercise Answers for FutureJobsRUsExercise 1:  Identify PIIExercise 2:  Scoping your Organization Questionnaire Example for FutureJobsRUsExercise 3:  Draw a Use Case DiagramExercise 4:  Map Your Enterprise Policy into Privacy RequirementsExercise 5:  Capture the Data InventoryExercise 6:  Complete Guide for Reviewing a User Diagram for Privacy RequirementsExercise 7:  Develop Privacy User Stories and Map to Agile EpicExercise 8:  Identify Risk, Threat and VulnerabilityExercise 9:  Scoping Your Enterprise OrganizationExercise 10:  Evaluate Your Design and Development MethodologyExercise 11:  Document Existing  Privacy Enhancing Processes and Privacy Enhancing TechnologiesExercise 12:  Map Privacy User Stories to PETs and PEPs. Exercise 13:  Develop a Privacy Data Sheet for your use case  Exercise 14:  Complete a Privacy Impact Assessment for your use case Exercise 15:  Revisit Step 6 for Epic 2 Exercise 16:  Revisit Step 6 for Epic 3 Section 6: Supplemental Information  Appendix 1:  Terms & Foundational ConceptsAppendix 2:  Operational Definition of PrivacyAppendix 3:  Twelve Privacy Controls FrameworkAppendix 4:  Foundational Privacy ActorsAppendix 5:  Agile Privacy Engineered User Stories Appendix 6:  Layering Privacy Engineering into Existing Development Appendix 7:  Privacy Requirements Workshop Sample AgendaAppendix 8:  Privacy Requirements Workshop Sample SlidesReferencesList of Figures  List of Tables Section 7:  Worksheet Pull-OutsWorksheet 1:  Identify PII attributesWorksheet 2:  Scoping your Organization QuestionnaireWorksheet 3:  Use Case DiagramWorksheet 4:  Map Enterprise Policy into Privacy RequirementsWorksheet 5:  Capture Data InventoryWorksheet 6:  Discussion Guide for Reviewing a Context Diagram for Privacy RequirementsWorksheet 7:  Develop Privacy User Stories and Map to Agile EpicWorksheet 8:  Identify Risk, Threat and VulnerabilityWorksheet 9:  Scoping Your Enterprise Data FoundationWorksheet 10:  Evaluate Your Design and Development MethodologyWorksheet 11:  Document Existing Privacy Enhancing Processes and Privacy Enhancing TechnologiesWorksheet 12:  Map user stories to controls, PETs and PEPs.Worksheet 13:  Develop a Privacy Data Sheet for a User StoryWorksheet 14:  Privacy Impact Assessment Worksheet 15: Revisit Step 6 Questions

Michelle Finneran Dennedy (@mdennedy) is Vice President and Chief Privacy Officer at Cisco, where she works to raise awareness and create tools that promote privacy, quality, integrity, respect, and asset-level possibilities for data. A sought-after technology industry speaker and thought leader, Michelle is passionate about data privacy and protection, and for building better technology that matters. She works closely with families, executives, innovators, and dreamers at all levels and in businesses and organizations at all stages to support the combination of policy, practice, and tools. She is a board member of the International Association of Privacy Professionals (IAPP) and the Committee for Economic Development (CED), and the chair of the IEEE 7002 Working Group on Data Privacy. Jonathan Fox  is Director of Privacy Engineering and Strategy and Planning, a member of Cisco’s Chief Privacy Office, and co-author of The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value (ApressOpen). With over 17 years of privacy experience, Jonathan’s principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM). Prior to joining Cisco, he was Senior Privacy Engineer at Intel. His previous roles have included Director of Data Privacy for McAfee, Director of Privacy for eBay, Deputy Chief Privacy Officer for Sun Microsystems, and Editor-in-Chief of sun.com. Jonathan frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group and the OASIS Privacy by Design Documentation for Software Engineers Technical Committee. Thomas R. Finneran is a principal consultant for the iDennedy Project. He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. Tom was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include: enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. Tom has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held titles such as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the US Navy. In addition, he was vice president and general counsel of TOMARK, Inc., and the developer of the highly successful ABEND-AID software package. Tom has a BA degree from Ohio State University, an MBA degree from Roosevelt University, and a JD degree from Cleveland State University. He is a member of the bar of the US Supreme Court and a member of the bar of Ohio, New Jersey, and Connecticut, and a member of the Patent Bar. Lisa Bobbitt , CISSP, CIPM, CIPP-E, is the lead Privacy Engineering architect in Cisco’s Privacy Office. She is passionate about embedding privacy awareness, governance, and technology across Cisco by building on the foundation of years of working and innovating (seven patents) in mainframe connectivity, mobile routing protocols, innovative concepts in 3D, voice/video/data in Stadium Vision, government adaptation, and trustworthy systems. Lisa believes that every person is a digital citizen and should be a privacy advocate, starting with understanding the value of authorized use of our personally identifiable information and that the processors of our personal data are making it easy for each of us to manage our PII. She has a BS degree in Computer Science from North Carolina State University and an MBA degree from Duke University. Michele D. Guel  (@MicheleDGuel) has been an avid speaker, influencer, and evangelist in the cybersecurity industry for 31 years. She joined Cisco in March of 1996 as the founding member of Cisco’s internal security team. During her 23+ years at Cisco, she has worked in all facets of cybersecurity and has the established many “firsts” at Cisco. In 2010, Michele was promoted to Distinguished Engineer, one of eight female DEs across Cisco today. In 2014, she co-founded Cisco’s Women in Cybersecurity Community which focuses on developing the next generation of women cybersecurity leaders. In 2014, she was named one of the SANS “People Who Make a Difference in Cybersecurity” and in 2016, she received the prestigious Anita Borg 2016 Women of Vision Technology Leadership Award. Her current focus is IoT security strategies.

Ihre Fragen, Wünsche oder Anmerkungen
Vorname*
Nachname*
Ihre E-Mail-Adresse*
Kundennr.
Ihre Nachricht*
Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.
Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.