Arts & Photography
Audio CDs
Audiocassettes
Biographies & Memoirs
Business & Investing
Children's Books
Christianity
Comics & Graphic Novels
Computers & Internet
Cooking, Food & Wine
Entertainment
Gay & Lesbian
Health, Mind & Body
History
Home & Garden
Horror
Literature & Fiction
Mystery & Thrillers
Nonfiction
Outdoors & Nature
Parenting & Families
Professional & Technical
Reference
Religion & Spirituality
Romance
Science
Science Fiction & Fantasy
Sports
Teens
Travel
Women's Fiction
|
 |
Privacy : What Developers and IT Professionals Should Know |
List Price: $49.99
Your Price: $35.74 |
 |
|
|
|
| Product Info |
Reviews |
<< 1 >>
Rating: 
Summary: High level privacy overview
Review: I enjoyed reading this book. Although not very detailed or technical, the book is a good management level overview of data protection, privacy ideas and techniques to enforce privacy policies within an organization. The book is useful for a software developer, IT person, database administrator, manager, or anyone involved in handling or managing computer data. The material is presented in a language suitable for virtually any IT expertise level. There are some examples presented from real life that help the reader to understand the concepts better. I think the book covers almost everything about digital data privacy and it does not focus solely on privacy related to Microsoft products.
Rating: 
Summary: simple description of antispam methods
Review: A management level discussion of privacy issues in computing. While Cannon is from Microsoft, he writes for the general case. Nothing here is really specific to Microsoft's situation or products. Though it might be said that since Microsoft is the world's dominant software company, they might tend to be more sensitive to the issues raised in the text. Held to a higher standard and all that. So in this sense, having Cannon being a senior executive at Microsoft lends the book some gravitas. Even if you are a competitor of Microsoft, it might pay to study this book.
One of the issues covered is spam. He gives a summary of the main antispam methods currently in vogue. The reader needs to be aware that the discussion is very limited. Extensions are ignored that improve the effectiveness of several methods. Consider for example the hashing method. He restricts this to making a single hash from a message. But making several hashes is far more robust to spammer countermeasures.
Likewise, block lists are described. (More commonly known as black lists.) He says the drawback is that spammers usually use fake email addresses and domain names. Well, for one thing, not all spammers fake these. So the black list can still be applied against the purported sender, to detect the latter. But suppose that a spammer does forge her address in the header. The black list can also be applied against the message body. Typically with devastating effect.
Rating: 
Summary: Instant Privacy Awareness
Review: I give the book 5 stars for making a complex subject both accessible and interesting, for communicating the urgency of addressing privacy issues, and for supplying the information IT professionals and developers need to build privacy functionalities into the solutions they create and deliver. This book will be most useful for US readers as expectations and laws vary across the world.
There are two questions an organization should ask about privacy: What is the cost of implementing a privacy program and what is the potential cost of not implementing a privacy program. Cannon's book will appeal as much to managers and executives responsible for knowing the answers to those questions.
The first third of the book provides an overview of privacy legislation and of technologies that are either privacy-enhancing or privacy-invasive, with suggestions for how to protect oneself from privacy intrusion. Chapter 4 is devoted to the subject of managing privacy for Windows products which can be helpful to administrators and consumers. It covers the privacy settings for XP, Windows Server 2003, Windows Office 2003, and Windows Media Player 9. Consumers and privacy advocates alike will find a wealth of information here about what privacy technologies exist and how to use them.
In the next fifty pages, Cannon discusses how to build a privacy organizational infrastructure and a privacy response center; and the reminder of the 350-page book is devoted to walking developers through the steps necessary to actually build privacy functionalities into their solutions. It is here that Cannon delves into more technical topics of interest to developers building privacy-enhancing technologies and to companies looking to include privacy awareness into the way products are built.
P3P is something I have struggled with on the SANS Institute's own web page. At present, it seems like an organization is safer not implementing it and the book was very helpful for me to better grasp the issues surround electronic enforcement of privacy.
Rating:
Summary: Excellent information on privacy issues...
Review: I recently received a copy of Privacy: What Developers and IT Professionals Should Know by J. C. Cannon (Addison-Wesley). This is a good book that does an excellent job in delivering to the target audience.
Chapter list: An Overview Of Privacy; The Importance of Privacy-Enhancing and Privacy-Aware Technologies; Privacy Legislation; Managing Windows Privacy; Managing Spam; Privacy-Invasive Devices; Building a Privacy Organizational Infrastructure; The Privacy Response Center; Platform for Privacy Preferences Project (P3P); Integrating Privacy in the Development Process; Performing a Privacy Analysis; A Sample Privacy-Aware Application; Protecting Database Data; Managing Access to Data: A Coding Example; Digital Rights Management; Privacy Section for a Feature Specification; Privacy Review Template; Data Analysis Template; List of Privacy Content; Privacy Checklist; Privacy Standard; References; Index
In today's environment, nearly every aspect of your daily existence touches data processing systems in some way. And if you surf the web, you know you are constantly being asked for personal and demographic information. But all too often, privacy issues related to all this information are not addressed in a secure, consistent methodology. Because of that, you stand a good chance of having far more personal information released to 3rd parties than you may be comfortable with. This book will help you become aware of the issues and build solid systems and processes that protect that privacy.
The first part of the book shows you how to secure your own privacy when you're working with computers. With the use of features such as pop-up blockers, cookie blockers, anonymous email services, and other related tools, you can effectively control the amount of information about your person and your activities while online. This information is really useful to anyone reading the book regardless of whether they are in IT or not. The second part of the book concentrates more on building software and processes that recognizes this right to privacy and gives the consumer choices on how to disclose and manage their personal information. The information is very practical and readable, and organizations would do well to consider the information presented here.
If you happen to be working in an industry affected by legislation such as HIPAA, this book becomes critical. If you're dealing with personal health information, you have no choices when it comes to privacy. The laws are spelled out, and the legal consequences for violating these laws are severe. Companies such as these should definitely get a copy.
This information has even affected one of the application changes I am currently working on. The user wanted to track the number of hits that a document got for reading. I started to build the change to track *who* read it, but then remembered that "less is more". There's no reason to track that information, so I shouldn't. As a result, I've got a more privacy-friendly application that delivers the desired results without violating the reader's privacy.
Good book, and worth the time for reading...
Rating:
Summary: Excellent field guide for policy and technology
Review: This is an excellent book. It teaches both at the policy level and the technology level. There are rollout strategies for security within an organization, as well as overviews of the latest technologies that can help you implement your security strategies. The book is well written and researched. Illustrations are used very effectively. I'm very impressed with this book. It's a solid piece of work.
Rating:
Summary: Required reading
Review: When it comes to the privacy issue, this is a lucid look at what the issues are, how they are often overlooked or violated in the normal course of business and things developers should consider when writing programs. The book covers everything from the mundane privacy problems people don't think about to high level privacy issues. For example, he discusses the privacy problems of sending a "private" email to someone else when it is subject to examination at your ISP level, may be on their backup tapes, may be on the log files of several computers between your ISP and the ending ISP, may be subject to examination by anyone of them, etc. He also discusses the privacy considerations of such items as medical patient records accessed over the Internet, encryption issues, and authorization issues.
With all this background information in mind he then discusses how to integrate consideration of these privacy issues into your program and way of thinking in general. This is not an expose of particular privacy problems but a theoretical framework for privacy that uses real-world examples to illustrate the issues. One of the really good points the author makes is that there is a difference between privacy and security. There are a lot of good books on security available today but privacy is rarely discussed. The author provides a thoroughly convincing argument as to why security is not enough and privacy issues must be considered at all times and in all environments.
Privacy: What Developers and IT Professionals Should Know is highly recommended for everyone even remotely connected to the computer technology environment, no exceptions.
<< 1 >>
|
|
|
|
