GDPR and cyber security for business information systems / Antoni Gobeo, Connor Fowler, William J. Buchanan.

Includes bibliographical references and index.

This book is designed to present specific and practical information on the key areas of compliance with the GDPR relevant to business information systems in a global context. Key areas covered include: principles and rights within the GDPR, information security, data protection by design and default, policies and procedures, encryption methods, incident response and management, data breaches.

Print version record.

Front Cover; Half Title Page; RIVER PUBLISHERS SERIES IN SECURITY AND DIGITAL FORENSICS; Title Page; Copyright Page; Contents; Preface; Acknowledgements; List of Figures; List of Abbreviations; Part One: Introduction; Chapter 1: The GDPR Fundamentals; A Brief History of Data Collection and Data Protection; The GDPR; To Whom Does It Apply?; Who Is Exempt?; Personal Data: Why it's Worth Protecting; The Privacy Argument; The Economic Argument; Consequences to Individuals of Data Misuse; The Heart of the GDPR; The Six Principles; The Six Lawful Bases; The Rights of Natural Persons in the GDPR

The Three ExceptionsChapter Review; References; Appendix; Chapter 2: Organisations, Institutions, and Roles; Introduction; Quis Custodiet Ipsos Custodes?; European Union; Duties of the EDPB; Supervisory Authorities; The ICO in Action; Organisations Under the GDPR; Public Authorities; Types of Public Authorities; NGO's and Charities; NGO's and Charities as Data Controllers; Institutions and Agencies; Court of Justice of the European Union; European Union Agency for Network and Information Security: ENISA; The United Kingdom; Government Communications Headquarters

The National Cyber Security CentreThe GCHQ Bude: GCHQ Composite Signals Organisation Morwenstow; Investigatory Powers Commissioner's Office; Investigatory Powers Tribunal; Chapter Review; References; Appendix; Chapter 3: Information Systems Management and the GDPR; Introduction; Information Systems in Organisations; Processes and Essential Systems; Types of Information Systems; Information Management; What is IM; Stakeholders; Data Management through the Ages; Functions of Information Management; Information Systems Theory; Data Flow Mapping; Data Flow Mapping Techniques

Data Controller and Data ProcessorData Controller; Data Processor; Distinguishing the Difference Between the Data Controller and the Data Processor; Chapter Review; References; Chapter 4: CyberSecurity and the GDPR; Introduction; Cyber Security as a Function of Compliance; Privacy; Protection; Process; Cyber Attacks; Malware; Social Engineering; Phishing; Countermeasures; Encryption; Chapter Review; References; Part Two: Preparatory Steps; Chapter 5: Data Protection by Design and Default; Introduction; Data Protection is a Program; not a Project; What is Privacy?

Privacy and Protection by Design and DefaultThe Security Principle: Appropriate Technical and Organisational Measures; Organisational: A Corporate Culture of Data Protection; Staff Awareness of Security; Organisational Responsibility for Security; Technical Measures; Physical Security; Hardware Security; Computer Security: Design; Computer Security: Measures; Open Web Application Security Project (OWASP); Assessing Information Assets: Value and Risk; Information Classification and Labelling; Special Category Data: Sensitive and Very Sensitive Personal Data; Criminal Offence Data

eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide