Privacy
An analysis of the European Union Data Privacy Directive (95/46/EC), including a summary and description of approved data transfer mechanisms of personal information from the European Union to non-EU countries, can be found here.
Data Risk Governance
Exploring the intersection between information security, privacy, technology and the law.
Blogroll
- BankInfoSecurity Blogs
- Bruce Schneier Blog
- Computer Fraud & Data Protection
- EndUserComputing.org
- Grave's Concerns
- Hack-igations
- Info Law Group LLC
- Information Law Blog (Infrequently Updated)
- IT Compliance
- Krebs On Security
- Ponemon Institute
- Privacy & Security Law Blog
- Stephen Wu's RSA Blog
- The Falcon's View
- The New School of Information Security
Subscribe
Recommended Books
Matt's bookshelf: professional
Re-reading this one.This is a good overview of the topic supplemented by data gathered from research conducted by the authors. The data is particularly enlightening. I would have liked a more thorough discussion of integrating ...
I think this is no longer a "new" framework but still a valid insight into information security. One pause I took with this book is the author's complete aversion to information security risk assessment. Unfortunately, there are f...
This book is great for people curious about Mormons or who may know one in the workplace (hopefully a good one!) The drawback for me is that nothing in this book was really that new to me as the author spends much effort to educate the read...
So far only OK - it didn't hold my attention for very long. Perhaps the reason is because the author doesn't really provide anything very practical to base the theories on. The topic seems to be just "risk" in whatever form you ch...
This should be required reading for every first year law student, during the summer before entering law school. You should only buy this one book. Feel free to modify the techniques to fit your style, including the use of newer technologies...
A basic tome on ISC2's ten domains. There are better guides out there, particularly Shon Harris material.
I say "read" but I really only browsed it. The authors seem to have tried to put forward the most academically acceptable treatise on the ISC2 ten domains. This is not helpful for test preparation. We called this book the "ye...
Great insight to the people (yes they are people, not demi-gods) who sit on the Supreme Court. The book covers is pre-Chief Justice Roberts and Justice Alito.
Well written and the chapters vary in topic and context enough to make it a...
Current info sec issues in the legal, social and international context. I read it for the legal insights. As far as a collection of essays goes it is pretty good. I recommend other titles for folks new to information security, this book is ...
"The starting point for anyone interested in computer security. The book is a classic and has many imitations. Schneier is brilliant and is still a leading luminary in the world of security."
"This book has short vignettes about 50 people who pondered their work life and wondered if there was something else out there. Some just up and quit their jobs for a radical career change. Some didn't. Some found success and hapiness,...
"Want to change your life but don't know how? This short story using mice as an analogy for modern human corporate shmucks, offers a new way to embrace change. Several rules are laid out to guide one away from complacency, complaining ...
Having earned the CISSP credential, most of this book was review for me except for the legal chapter, which was very informative. This book gets the job done, I passed the exam just fine with this as my only preparation.
Boring. Public policy is just not my thing. I had to read this for school. I'm sure to a public policy devotee the book would be great.
The book is pretty straight-forward and demystifies some of the quirks of ISO 27001. The book is most helpful to those companies seeking certification and does a nice job of using visual aides to see the required documentation.
This book was slightly disappointing. Any learner has to walk the line between theory and application. Theory is essential or one often won't understand the nuances of implementation and application. I had hoped this book would help me make...
I read the first edition which felt rushed to market. Very little commentary offered beyond the actual statutory text. It is valuable in collecting the references in one place but lacks any professional insight to the content.
Great insights. There has been a raging battle for years between different camps over the "right" way to do risk analysis in fields other than insurance and finance. This book takes the quantitative risk assessment view and does a...
Share book reviews and ratings with Matt, and even join a book club on Goodreads.
Michael Sim said
March 2012 – Found your ISSA Feb 2011 article on the web (quite by chance) and found in enlightening. Thanks Matt for taking the time to work out the intricacies of data transfers regarding the 95/46/EC Directive and making it accessible to lay people such as myself. Michael SIM, CISA, CISM, CISSP, BS 25999 Business Continuity