The Complete Book of Data Anonymization From Planning to Implementation

 Content: Overview of Data Anonymization Points to Ponder PII PHI What is Data Anonymization? What are the Drivers for Data Anonymization?   The Need To Protect Sensitive Data Handled As Part Of Business   Increasing Instances of Insider Data Leakage, Misuse of Personal Data and the Lure of Money for Mischievous Insiders   Employees Getting Even With Employers   Negligence of Employees to Sensitivity of Personal Data   Astronomical Cost to the Business due to Misuse of Personal Data Risks Arising out of Operational Factors Like Outsourcing and Partner Collaboration    Outsourcing Of IT Application Development, Testing And Support   Increasing Collaboration With Partners   Legal and Compliance Requirements Will Procuring and Implementing a Data Anonymization Tool by Itself Ensure Protection of Privacy of Sensitive Data?   Ambiguity of Operational Aspects   Allowing the Same Users to Access both Masked and Unmasked Environment   Lack Of Buy-In From IT Application Developers, Testers and End-Users   Compartmentalized Approach to Data Anonymization   Absence of Data Privacy Protection Policies or Weak enforcement of Data Privacy Policies Benefits Of Data Anonymization Implementation  DATA ANONYMIZATION PROGRAM SPONSOR\'S GUIDEBOOK  Enterprise Data Privacy Governance Model Points to Ponder Chief Privacy Officer Unit /Department Privacy Compliance Officers The Steering Committee for Data Privacy Protection Initiatives   Management Representatives   Information Security And Risk Department Representatives   Representatives from the Department Security and Privacy Compliance Officers Incident Response Team The Role of the Employee in Privacy Protection The Role of the CIO Typical Ways Enterprises Enforce Privacy Policies  Enterprise Data Classification Policy and Privacy Laws Points to Ponder Regulatory Compliance Enterprise Data Classification Points to Consider Controls For Each Class Of Enterprise Data  Operational Processes, Guidelines and Controls for Enterprise Data Privacy Protection Points to Ponder Privacy Incident Management Planning for Incident Resolution   Preparation   Incident Capture   Incident Response   Post Incident Analysis Guidelines and Best Practices   PII/PHI Collection Guidelines   Guidelines for Storage and Transmission of PII/PHI   PII/PHI Usage Guidelines   Guidelines for Storing PII/PHI on Portable Devices and Storage Devices    Guidelines for Staff  The Different Phases of a Data Anonymization Program Points to Ponder How Should I Go about the Enterprise Data Anonymization Program?   The Assessment Phase   Tool Evaluation and Solution Definition Phase   Data Anonymization Implementation Phase   Operations Phase or the Steady-State phase Food For Thought   When Should the Organization Invest on a Data Anonymization Exercise?   The Organization\'s Security Policies Anyway Mandate Authorization to be Built-in For Every Application. Won\'t This be Sufficient? Why is Data Anonymization Needed?   Is there a Business Case for Data Anonymization Program in My Organization?   When Can a Data Anonymization Program be Called as a Successful One?   Why Should I go for a Data Anonymization Tool when SQL Encryption Scripts Can be Used to Anonymize Data?   What are the Benefits Provided by Data Masking Tools for Data Anonymization?   Why is a Tool Evaluation Phase Needed?   Who Should Implement Data Anonymization? Should it be the Tool Vendor or the IT Service Partner or External Consultants or Internal Employees?   How Many Rounds of Testing Must be Planned to Certify that Application Behavior is Unchanged with use of Anonymized Data?  Departments Involved in Enterprise Data Anonymization Program Points to Ponder The Role of the Information Security and Risk Department The Role of the Legal Department The Role of Application Owners and Business Analysts The Role of Administrators The Role of the Project Management Office (PMO) The Role of the Finance department Steering Committee  Privacy Meter- Assessing The Maturity Of Data Privacy Protection Practices In The Organization Points to Ponder Planning A Data Anonymization Implementation Data Privacy Maturity Model  Enterprise Data Anonymization Execution Model  Points to Ponder Decentralized Model Centralized Anonymization Setup Shared Services Model  Tools and Technology Points to Ponder Shortlisting Tools for Evaluation Tool Evaluation and Selection   Functional Capabilities    Technical Capabilities   Operational Capabilities   Financial Parameters Scoring criteria for Evaluation  Anonymization Implementation - Activities & Effort Points to Ponder Anonymization Implementation Activities For An Application   Application Anonymization Analysis and Design   Anonymization Environment Setup   Application Anonymization Configuration and Build   Anonymized Application Testing Complexity Criteria   Application Characteristics   Environment Dependencies Arriving at an Effort Estimation Model   Definition of Complexity Criteria   Ready-Reckoner Preparation   Determination Of The Complexity Of The Application To Be Anonymized   Assignment of Effort to Each Activity Based on the Ready-Reckoner Case Study   Context   Estimation Approach   Application Complexity   Arriving at a Ball Park Estimate  The Next Wave of Data Privacy Challenges  DATA ANONYMIZATION PRACTITIONERS GUIDE  Data Anonymization Patterns Points to Ponder Pattern Overview  Data State Anonymization Patterns Points to Ponder Principles of Anonymization Static Masking Patterns   EAL Pattern (Extract Anonymize Load Pattern)   ELA Pattern (Extract Load Anonymize Pattern)   Data Subsetting Dynamic Masking Dynamic Masking Patterns   Interception Pattern   Invocation Patterns   Application of Dynamic Masking patterns Dynamic Masking vs. Static Masking  Anonymization Environment Patterns Points to Ponder Typical Application Environments in an enterprise Testing Environments   Standalone Environment   Integration Environment   Automated Integration Test environment   Scaled-Down Integration Test Environment  Data Flow Patterns Across Environments Points to Ponder Flow of Data from Production Environment Databases to Non-Production Environment Databases Movement of Anonymized Files from Production Environment to Non-Production Environments Masked Environment for Integration Testing-Case Study  Data Anonymization Techniques Points to Ponder Basic Anonymization Techniques   Substitution   Shuffling   Number Variance   Date Variance   Nulling Out   Character Masking   Cryptographic Techniques  Partial Sensitivity and Partial Masking Masking Based on External Dependency Auxiliary Anonymization Techniques Alternate Classification of Data Anonymization Techniques   Substitution Techniques   Translation Techniques Leveraging Data Anonymization Techniques  Data Anonymization Implementation Points to Ponder Pre-Requisites Before Starting The Anonymization Implementation Activities   Sensitivity Definition Readiness - What is Considered as Sensitive Data by the Organization?   Sensitive Data Discovery- Where does Sensitive Data Exist? Application Architecture Analysis Application Sensitivity Analysis   What is Sensitivity Level and How Do We Prioritize Sensitive Fields for Treatment? Anonymization Design Phase Anonymization Implementation, Testing, and Rollout Phase Anonymization Operations Incorporation of Privacy protection procedures as part of Software Development Life Cycle and Application Lifecycle for New Applications   Impact on SDLC Team Challenges Faced as part of Any Data Anonymization Implementation Best Practices To Ensure Success Of Anonymization Projects  Glossary