COMPLYING WITH SECURITY-RELATED REGULATIONS, legislation, and other requirements means ensuring your organization protects the security of your information. In most cases, ensuring information security means ensuring users take appropriate actions and refrain from inappropriate actions. Although the directive seems simple, implementing it can be complex. In Chapter 8, you learned about compliance in the User Domain. You learned about the requirements of information system users and their responsibilities in ensuring the security of your organization's information.

If all users were perfect and completely compliant, there wouldn't be a need to consider any further security layers. Remember that ...