Title GDPR and Cyber Security for Business Information Systems
Author Antoni Gobeo, Connor Fowler, William J. Buchanan
ISBN 9788793609136
List price USD 71.00
Price outside India Available on Request
Original price
Binding Hardbound
No of pages 350
Book size 152 x 228 mm
Publishing year 2018
Original publisher River Publishers (Eurospan Group)
Published in India by .
Exclusive distributors Viva Books Private Limited
Sales territory India, Sri Lanka, Bangladesh, Pakistan, Nepal, .
Status New Arrival
About the book Send Enquiry


The General Data Protection Regulation is the latest, and one of the most stringent, regulations regarding Data Protection to be passed into law by the European Union. Fundamentally, it aims to protect the Rights and Freedoms of all the individuals included under its terms; ultimately the privacy and security of all our personal data. This requirement for protection extends globally, to all organisations, public and private, wherever personal data is held, processed, or transmitted concerning any EU citizen.

Cyber Security is at the core of data protection and there is a heavy emphasis on the application of encryption and state of the art technology within the articles of the GDPR. This is considered to be a primary method in achieving compliance with the law. Understanding the overall use and scope of Cyber Security principles and tools allows for greater efficiency and more cost effective management of Information systems.

GDPR and Cyber Security for Business Information Systems is designed to present specific and practical information on the key areas of compliance to the GDPR relevant to Business Information Systems in a global context.

Key areas covered include:

  • Principles and Rights within the GDPR
  • Information Security
  • Data Protection by Design and Default
  • Implementation Procedures
  • Encryption methods
  • Incident Response and Management
  • Data Breaches




List of Figures

List of Abbreviations


Chapter 1: The GDPR Fundamentals • A Brief History of Data Collection and Data Protection • The GDPR • To Whom Does It Apply? • Who Is Exempt? • Personal Data: Why it’s Worth Protecting • The Privacy Argument • The Economic Argument • Consequences to Individuals of Data Misuse • The Heart of the GDPR; The Six Principles • The Six Lawful Bases • The Rights of Natural Persons in the GDPR • The Three Exceptions • Chapter Review • References • Appendix

Chapter 2: Organisations, Institutions, and Roles • Introduction • Quis Custodiet Ipsos Custodes • European Union • Duties of the EDPB • Supervisory Authorities • The ICO in Action • Organisations Under the GDPR • Public Authorities • Types of Public Authorities • NGO’s and Charities • NGO’s and Charities as Data Controllers • Institutions and Agencies • Court of Justice of the European Union • European Union Agency for Network and Information Security: ENISA • The United Kingdom • Government Communications Headquarters • The National Cyber Security Centre • The GCHQ Bude: GCHQ Composite Signals Organisation Morwenstow • Investigatory Powers Commissioner’s Office • Investigatory Powers Tribunal • Chapter Review • References • Appendix

Chapter 3: Information Systems Management and the GDPR • Introduction • Information Systems in Organisations • Processes and Essential Systems • Types of Information Systems • Information Management • What is IM • Stakeholders • Data Management through the Ages • Functions of Information Management • Information Systems Theory • Data Flow Mapping • Data Flow Mapping Techniques • Data Controller and Data Processor • Data Controller • Data Processor • Distinguishing the Difference Between the Data Controller and the Data Processor • Chapter Review • References

Chapter 4: Cyber Security and the GDPR • Introduction • Cyber Security as a Function of Compliance • Privacy • Protection • Process • Cyber Attacks • Malware • Social Engineering • Phishing • Countermeasures • Encryption • Chapter Review • References


Chapter 5: Data Protection by Design and Default • Introduction • Data Protection is a Program; not a Project • What is Privacy? • Privacy and Protection by Design and Default • The Security Principle: Appropriate Technical and Organisational Measures • Organisational: A Corporate Culture of Data Protection • Staff Awareness of Security • Organisational Responsibility for Security • Technical Measures • Physical Security • Hardware Security • Computer Security: Design • Computer Security: Measures • Open Web Application Security Project (OWASP) • Assessing Information Assets: Value and Risk • Information Classification and Labelling • Special Category Data: Sensitive and Very Sensitive Personal Data • Criminal Offence Data • Labelling of Data • Chapter Review • References • Appendix

Chapter 6: Protection Policies and Privacy Notices • Introduction • Policy Framework: COBIT 5 • COBIT 5: Principles, Policies and Frameworks in Depth • The Data Protection Policy • Policy Document Structure • Data Protection Privacy Notice • Types of Privacy Notices • Chapter Review • References

Chapter 7: DPO, DPIA, and DSAR • Introduction • Data Protection Officer • Appointing a DPO • What Makes a good DPO • Tasks of the DPO • Data Protection Impact Assessment • Legal Requirements • Defining Article 35 • Prior Consultation • Conducting a DPIA • Data Subject Access Request • How to access the data • The Organisations Role • Chapter Review • References • Appendix


Chapter 8: International Standards; ISO’s • The ISO • 4 Key Principles • 5 Year Review Process • ISO as a Function of Compliance • ISO 31000: Risk Management • The Eight Principles • Five Component Framework • Six Stage Process • ISO 27005: A Brief Visit • ISO 8601: Representation of Dates and Times • ISO 27000 Family — Information Security Management Systems • ISMS: Information Security Management Systems • ISO 27018: Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors • ISO 27032: Guidelines for Cybersecurity • ISO 9001 — Quality Management System • Plan-Do-Check-Act Cycle • Chapter Review • References

Chapter 9: Security Incident Management • Introduction • The GDPR Articles • Computer Security Incident Response Team (CSIRT) • Incidence Response Plan (IRP) • Incident Response Cycle • Notification for a Personal Data Breach • Data Breach Severity • Breach Severity Rating and Risk • ENISA Methodology • Chapter Review • References • Appendix

Chapter 10: Valuing Security • Valuing Security: Making the Business Case • Budgeting for IT and C-Suite • Budgeting • Mapping Out the Budget • Money Talks • Calculating the Annualised Loss Expectancy • Calculating the Return on Investment • Effective Communication • Email • Preparing a Presentation • Chapter Review • References


About the Authors

About the Authors:

Antoni Gobeo, Edinburgh Napier University, UK.

Connor Fowler, Edinburgh Napier University, UK.

William J. Buchanan, Edinburgh Napier University, UK.

Target Audience:

People interested in Principles and Rights within the GDPR, Information Security, Data Protection by Design and Default, Implementation Procedures, Encryption methods, Incident Response and Management, Data Breaches.

Special prices are applicable to the authorised sales territory only.
Prices are subject to change without prior notice.