
Governance and Internal Controls for Cutting Edge IT by Karen F. Worstell


CHAPTER 3: LEGISLATIVE AND REGULATORY COMPLIANCE CONCERNS

“It's strange that men should take up crime when there are so many legal ways to be dishonest.” Author unknown, quoted in Sunshine magazine

Overview of the Regulatory and Statutory Landscape

A critical input to IT strategy and governance is the set of policies and requirements for business legal and regulatory compliance. ISO/IEC 27001:2005 Clause 4.2.1(b) 2 is a mandatory clause for any organization seeking ISO27001 certification (or to meet the intent of ISO27001), and it states:

“Define an ISMS (Information Security Management System) policy in terms of the characteristics of the business, the organization, its location, assets and technology that takes into account business and legal ...
