CISSP: 3 in 1- Beginner's Guide+ Guide to learn CISSP Principles+ The Fundamentals of Information Security Systems for CISSP Exam by Daniel Jones

Author:Daniel Jones [Jones, Daniel]
Language: eng
Format: azw3
Published: 2020-05-06T16:00:00+00:00

Chapter Four

Determining Compliance Requirements

In this chapter, we will be looking into the legal frameworks, how and why compliance is critical to information security. To stay in compliance with the regional, national, state, and other legislation, regulations, and standards always provide efficient and secure governance and control. Other than these requirements, an outstanding and critical requirement is the privacy and the protection of privacy. With the digital information networks, social media, digitized healthcare and other services provide millions of opportunities for external parties to steal and abuse private information of not only the organizations but of the individuals. Chapter four covers these topics comprehensively and gives you an understanding of everything you need to know.

In this chapter, you will learn:

- Contractual, legal, industry standards, and regulatory requirements.

- Classification of legislations and current frameworks.

- Privacy requirements.

- Privacy and data protection frameworks.

For some, the term compliance is not a familiar one. Therefore, first, it is better to start at this point. In the CISSP learning path, the 8th domain is all about Legal, Regulations, Investigations and Compliance. As it sounds, it is about legality and justice. Yes, indeed. As a security professional, one must acquire knowledge on laws and regulations. That is to bring wrongdoers to justice. There are laws about privacy, civil and criminal activities.

In this chapter, we are not going to go deeper into cyber-crime and cyber laws but the organizational requirements about laws, regulations and compliance. Regrettably, the laws were unable to keep up with the phase of technology in terms of development. This is causing a serious issue when we talk about cybercrime.

From an organizational standpoint, it must adhere to national laws, regulations and standards while building and encouraging professional ethics and code of conduct. This is followed by encouraging responsibility and accountability. All of these activities are for the safety and security of the organization as well as to set examples of lawful operations - staying compliant to the enforcements for betterment in other words. This also discourages the unethical and illegal operations from the inside as well as from the outside. This is what compliance is all about. It’s a practice and a discipline.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.