10 Closing security vulnerabilities


This chapter covers

  • Privacy risks hidden within security risks
  • How testing and development efficiencies can increase risk
  • Building an enterprise risk model to identify, track, and address privacy risks
  • How major privacy and security risks are cumulative and impactful in ways that are hard to predict and plan for
  • Using authorization to reduce risk
  • Privacy risks hidden in authorization implementations

Privacy controls are complicated for many companies to implement—particularly small or medium-sized organizations, or those with limited budgets. Such organizations often face a critical question: “Where do we get started when it comes to building privacy into our technical infrastructure?” Prioritization questions are perennial, but the much harder question to answer is what to do first.

10.1 Protecting privacy by reducing the attack surface

10.1.1 Managing the attack surface

10.1.2 How testing can cause security and privacy risks

10.1.3 An enterprise risk model for security and privacy

10.2 Protecting privacy by managing perimeter access

10.2.1 The Target breach

10.2.2 MongoDB security weaknesses

10.2.3 Authorization best practices

10.2.4 Why continuous monitoring of accounts and credentials is important

10.2.5 Remote work and privacy risk

10.3 Protecting privacy by closing access-control gaps

10.3.1 How an IDOR vulnerability works

10.3.2 IDOR testing and mitigation