COMPLIANCE IS MORE THAN just checking items off a list. It is a dynamic process of ensuring the items in each domain meet or exceed your goals. Because conditions can change in any organization, the status of how well you are meeting your goals can change as well. You should make all decisions related to security controls to satisfy your security policy and any other relevant compliance requirements. Ensuring compliance to your security policy keeps security-related actions headed in the right direction.

Chapter 3 discussed the seven domains of a typical information technology (IT) infrastructure. The User Domain defines the components in the IT infrastructure that directly interact with information ...