What we can learn from the aftermath of cybersecurity breaches and how we can do a better job protecting online data. Cybersecurity incidents make the news with startling regularity. Each breach—the theft of 145.5 million Americans' information from Equifax, for example, or the Russian government's theft of National Security Agency documents, or the Sony Pictures data dump—makes headlines, inspires panic, instigates lawsuits, and is then forgotten. The cycle of alarm and amnesia continues with the next attack, and the one after that. In this book, cybersecurity expert Josephine Wolff argues that we shouldn't forget about these incidents, we should investigate their trajectory, from technology flaws to reparations for harm done to their impact on future security measures. We can learn valuable lessons in the aftermath of cybersecurity breaches. Wolff describes a series of significant cybersecurity incidents between 2005 and 2015, mapping the entire life cycle of each breach in order to identify opportunities for defensive intervention. She outlines three types of motives underlying these attacks—financial gain, espionage, and public humiliation of the victims—that have remained consistent through a decade of cyberattacks, offers examples of each, and analyzes the emergence of different attack patterns. The enormous TJX breach in 2006, for instance, set the pattern for a series of payment card fraud incidents that led to identity fraud and extortion; the Chinese army conducted cyberespionage campaigns directed at U.S.-based companies from 2006 to 2014, sparking debate about the distinction between economic and political espionage; and the 2014 breach of the Ashley Madison website was aimed at reputations rather than bank accounts.

Public Personnel Management has served as an essential, concise reader for public personnel and human resource management courses in the fields of public administration, political science, and public policy for more than 30 years. Since the first edition published in 1991, the book has provided professors and students alike with an in-depth look at cutting-edge developments beyond standard textbook coverage, to cultivate a broad understanding of the key management and policy issues facing public and nonprofit HRM today. Original chapters are written expressly for the text by leading public administration scholars, each focusing on specific and sometimes controversial concerns for public personnel management, such as social equity, labor relations, public employee rights, and the operation of nonprofits. Now in an extensively revised seventh edition, Public Personnel Management presents new, original chapters to examine developments of interest to researchers and practitioners alike, including: new ways of working (NWW), remote work, the effects of the COVID-19 pandemic on public service workforces, work-life balance, patterns of discrimination and employees’ perceptions of fairness, affirmative action, generational differences in the workforce, and – as the field of public personnel management becomes more internationalized – chapters addressing human resource management across Europe and a chapter on NWW practices in Switzerland. These, together with other chapters, ensure that Public Personnel Management will remain a field-defining book for the next 30 years.

The inside story of how America's enemies launched a cyber war against us-and how we've learned to fight back With each passing year, the internet-linked attacks on America's interests have grown in both frequency and severity. Overmatched by our military, countries like North Korea, China, Iran, and Russia have found us vulnerable in cyberspace. The "Code War" is upon us. In this dramatic book, former Assistant Attorney General John P. Carlin takes readers to the front lines of a global but little-understood fight as the Justice Department and the FBI chases down hackers, online terrorist recruiters, and spies. Today, as our entire economy goes digital, from banking to manufacturing to transportation, the potential targets for our enemies multiply. This firsthand account is both a remarkable untold story and a warning of dangers yet to come.

Web-based connections permeate our lives - and so do data breaches. Given that we must be online for basic communication, finance, healthcare, and more, it is remarkable how many problems there are with cybersecurity. Despite the passage of many data security laws, data breaches are increasingat a record pace. In Breached!, Daniel Solove and Woodrow Hartzog, two of the world's leading experts on cybersecurity and privacy issues, argue that the law fails because, ironically, it focuses too much on the breach itself.Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented through inexpensive, non-cumbersome means. They also reveal why the current law is counterproductive. It pummels organizations that have suffered a breach, butdoesn't recognize other contributors to the breach. These outside actors include software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage inrisky behaviors, and more.The law's also ignores the role that good privacy practices can play. Although humans are the weakest link for data security, the law remains oblivious to the fact that policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course byfocusing on the human side of security. This book sets out a holistic vision for data security law - one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention rather than reaction, and is designed with people in mind. The book closes witha roadmap for how we can reboot law and policy surrounding cybersecurity so that breaches become much rarer events.

Privacy engineering : why it's needed, how to scale it -- Understanding data and privacy -- Data classification -- Data inventory -- Data sharing -- The technical privacy review -- Data deletion -- Exporting user data : data subject access requests -- Building a consent management platform -- Closing security vulnerabilities -- Scaling, hiring, and considering regulations.

This short paperback, developed from the casebook Information Privacy Law,contains key cases and materials focusing on privacy issues related to consumer privacy and data security. This book is designed for use in courses and seminars on: Cyberlaw Law and technology Privacy law Information law Consumer law New to the Third Edition: CCPA, biometric privacy laws FTC Facebook Cambridge Analytica case United States v. Gratkowski (Bitcoin and the Fourth Amendment) In re Vizio, Inc. Additional material about TCPA litigation, including Stoops v. Wells Fargo Bank Additional material on the FCC Act Additional material on the Video Privacy Protection Act Barr v. American Association of Political Consultants Topics covered include: Big Data, financial privacy, FCRA, GLBA, FTC privacy and security regulation Identity theft, online behavioral advertising First Amendment limitations on privacy regulation Data breaches, data breach notification statutes Privacy of video watching and media consumptions CFAA, enforcement of privacy policies, marketing use of data, and more

This book presents a holistic view of the geopolitics of cyberspace that have arisen over the past decade, utilizing recent events to explain the international security dimension of cyber threat and vulnerability, and to document the challenges of controlling information resources and protecting computer systems. How are the evolving cases of cyber attack and breach as well as the actions of government and corporations shaping how cyberspace is governed? What object lessons are there in security cases such as those involving Wikileaks and the Snowden affair? An essential read for practitioners, scholars, and students of international affairs and security, this book examines the widely pervasive and enormously effective nature of cyber threats today, explaining why cyber attacks happen, how they matter, and how they may be managed. The book addresses a chronology of events starting in 2005 to comprehensively explain the international security dimension of cyber threat and vulnerability. It begins with an explanation of contemporary information technology, including the economics of contemporary cloud, mobile, and control systems software as well as how computing and networking—principally the Internet—are interwoven in the concept of cyberspace. Author Chris Bronk, PhD, then documents the national struggles with controlling information resources and protecting computer systems. The book considers major security cases such as Wikileaks, Stuxnet, the cyber attack on Estonia, Shamoon, and the recent exploits of the Syrian Electronic Army. Readers will understand how cyber security in the 21st century is far more than a military or defense issue, but is a critical matter of international law, diplomacy, commerce, and civil society as well.

This book constitutes revised selected papers from the 15th Workshop on e-Business, WeB 2016, held in conjunction with the International Conference on Information Systems, ICIS, in Dublin, Ireland, in December 2016. WeB 2016 provided a forum for scholars to exchange ideas and share results from their research. Original articles addressing a broad coverage of technical, managerial, economic, and strategic issues related to consumers, businesses, industries, and governments were presented at the workshop, employing various IS research methods such as case study, survey, analytical modeling, experiments, computational models, and design science. The 15 full and 8 short papers presented in this volume were carefully reviewed and selected from 46 submissions. They deal with the “Internetworked World” focusing on digitalization, consumerization, global platforms, and transformative innovations in industry.

"Sober, lucid and often wise." —Nature The Internet is powerful, but it is not safe. As "smart" devices proliferate the risks will get worse, unless we act now. From driverless cars to smart thermostats, from autonomous stock-trading systems to drones equipped with their own behavioral algorithms, the Internet now has direct effects on the physical world. Forget data theft: cutting-edge digital attackers can now literally crash your car, pacemaker, and home security system, as well as everyone else’s. In Click Here to Kill Everybody, best-selling author Bruce Schneier explores the risks and security implications of our new, hyper-connected era, and lays out common-sense policies that will allow us to enjoy the benefits of this omnipotent age without falling prey to the consequences of its insecurity.

Thoroughly revised and updated to address the many changes in this evolving field, the third edition of Legal and Privacy Issues in Information Security addresses the complex relationship between the law and the practice of information security. Information systems security and legal compliance are required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and to meet the expectations of employees and customers. Instructor Materials for Legal Issues in Information Security include: PowerPoint Lecture Slides Instructor's Guide Sample Course Syllabus Quiz & Exam Questions Case Scenarios/Handouts New to the third Edition: • Includes discussions of amendments in several relevant federal and state laws and regulations since 2011 • Reviews relevant court decisions that have come to light since the publication of the first edition • Includes numerous information security data breaches highlighting new vulnerabilities