10 Closing security vulnerabilities

This chapter covers

Privacy risks hidden within security risks
How testing and development efficiencies can increase risk
Building an enterprise risk model to identify, track, and address privacy risks
How major privacy and security risks are cumulative and impactful in ways that are hard to predict and plan for
Using authorization to reduce risk
Privacy risks hidden in authorization implementations

Privacy controls are complicated for many companies to implement—particularly those with limited budgets or that are small or medium sized. Such organizations often face a critical question: “Where do we get started when it comes to building privacy into our technical infrastructure?” While prioritization questions are perennial, the much harder question to answer is what to do first.

10.1 Protecting privacy by reducing the attack surface

10.1.1 Managing the attack surface

10.1.2 How testing can cause security and privacy risks

10.1.3 An enterprise risk model for security and privacy

10.2 Protecting privacy by managing perimeter access

10.2.1 The Target breach

10.2.2 MongoDB security weaknesses

10.2.3 Authorization best practices

10.2.4 Why continuous monitoring of accounts and credentials is important

10.2.5 Remote work and privacy risk

10.3 Protecting privacy by closing access-control gaps

10.3.1 How an IDOR vulnerability works

10.3.2 IDOR testing and mitigation