Controlling Privacy and the Use of Data Assets - Volume 1: Who Owns the New Oil?

Ulf Mattsson leverages his decades of experience as a CTO and security expert to show how companies can achieve data compliance without sacrificing operability.

• Jim Ambrosini, CISSP, CRISC, Cybersecurity Consultant and Virtual CISO

Ulf Mattsson lays out not just the rationale for accountable data governance, he provides clear strategies and tactics that every business leader should know and put into practice. As individuals, citizens and employees, we should all take heart that following his sound thinking can provide us all with a better future.

• Richard Purcell, CEO Corporate Privacy Group and former Microsoft Chief Privacy Officer

Many security experts excel at working with traditional technologies but fall apart in utilizing newer data privacy techniques to balance compliance requirements and the business utility of data. This book will help readers grow out of a siloed mentality and into an enterprise risk management approach to regulatory compliance and technical roles, including technical data privacy and security issues.

The book uses practical lessons learned in applying real-life concepts and tools to help security leaders and their teams craft and implement strategies. These projects deal with a variety of use cases and data types. A common goal is to find the right balance between compliance, privacy requirements, and the business utility of data.

This book reviews how new and old privacy-preserving techniques can provide practical protection for data in transit, use, and rest. It positions techniques like pseudonymization, anonymization, tokenization, homomorphic encryption, dynamic masking, and more. Topics include

• Trends and Evolution
• Best Practices, Roadmap, and Vision
• Zero Trust Architecture
• Applications, Privacy by Design, and APIs
• Machine Learning and Analytics
• Secure Multiparty Computing
• Blockchain and Data Lineage
• Hybrid Cloud, CASB, and SASE
• HSM, TPM, and Trusted Execution Environments
• Internet of Things
• Quantum Computing
• And much more!

Ulf Mattsson利用他作為CTO和安全專家數十年的經驗，展示了企業如何在不犧牲可操作性的情況下實現數據合規性。

Jim Ambrosini, CISSP, CRISC, Cybersecurity Consultant and Virtual CISO說：「Ulf Mattsson不僅提出了負責任的數據治理的理據，還提供了清晰的策略和戰術，每位企業領導者都應該了解並付諸實踐。作為個人、公民和員工，我們應該都懷抱希望，遵循他的理性思考可以為我們提供更好的未來。」

Richard Purcell, CEO Corporate Privacy Group和前微軟首席隱私官說：「這本書不僅回顧了新舊隱私保護技術如何在數據在傳輸、使用和休息時提供實際的保護，還介紹了偽匿名化、匿名化、令牌化、同態加密、動態遮蔽等技術。主題包括趨勢和演進、最佳實踐、路線圖和願景、零信任架構、應用程序、隱私設計和API、機器學習和分析、安全多方計算、區塊鏈和數據譜系、混合雲、CASB和SASE、HSM、TPM和可信執行環境、物聯網、量子計算等等。」

許多安全專家擅長使用傳統技術，但在利用新的數據隱私技術平衡合規要求和數據的業務效益方面表現不佳。這本書將幫助讀者擺脫狹隘的思維，轉向企業風險管理方法來處理合規和技術角色，包括技術數據隱私和安全問題。

本書使用實際應用的概念和工具的實際經驗教訓，幫助安全領導者及其團隊制定和實施策略。這些項目涉及各種用例和數據類型。一個共同的目標是在合規性、隱私要求和數據的業務效益之間找到合適的平衡。

Ulf Mattsson is a recognized information security and data privacy expert with a strong track record of more than two decades implementing cost-effective data security and privacy controls for global Fortune 500 institutions, including Citigroup, Goldman Sachs, GE Capital, BNY Mellon, AIG, Visa USA, Mastercard Worldwide, American Express, The Coca Cola Company, Wal-Mart, BestBuy, KOHL's, Microsoft, IBM, Informix, Sybase, Teradata, and RSA Security. He is currently the Chief Security Strategist and earlier the Chief Technology Officer at Protegrity, a data security company he co-founded after working 20 years at IBM in software development. Ulf is an inventor of more than 70 issued US patents in data privacy and security. Ulf is active in the information security industry as a contributor to the development of data privacy and security standards in the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) X9 for financial industry. He is on the advisory board of directors at PACE University, NY, in the area of cloud security and a frequent speaker at various international events and conferences, including the RSA Conference, and the author of more than 100 in-depth professional articles and papers on data privacy and security, including IBM Journals, IEEE Xplore, ISSA Journal and ISACA Journal. Ulf also holds a master's in physics in Engineering from Chalmers University of Technology in Sweden and is Co-Author of Defending the database (Elsevier Ltd, 2007) and Real security for virtual machines (Elsevier Ltd, 2009)

Ulf Mattsson是一位被公認的資訊安全和數據隱私專家，擁有超過二十年的豐富經驗，在全球財富500強企業中實施具有成本效益的數據安全和隱私控制措施，包括花旗集團、高盛、GE Capital、BNY Mellon、AIG、Visa USA、萬事達卡、美國運通、可口可樂公司、沃爾瑪、百思買、KOHL's、微軟、IBM、Informix、Sybase、Teradata和RSA Security等。他目前是Protegrity的首席安全策略師，此前在IBM工作了20年，並共同創辦了這家數據安全公司。Ulf是超過70項美國專利的發明人，專注於數據隱私和安全領域。Ulf在信息安全行業中活躍，為付款卡行業數據安全標準（PCI DSS）和美國國家標準協會（ANSI）X9的發展做出了貢獻。他是紐約PACE大學的諮詢董事會成員，專注於雲安全領域，並經常在各種國際活動和會議上發表演講，包括RSA Conference。他還是超過100篇深入專業文章和論文的作者，涉及數據隱私和安全，包括IBM Journals、IEEE Xplore、ISSA Journal和ISACA Journal。Ulf還擁有瑞典查爾默斯理工大學的物理工程碩士學位，並是《Defending the database》（Elsevier Ltd，2007）和《Real security for virtual machines》（Elsevier Ltd，2009）的合著者。