Information Security: The Emerging Standard for Corporate Compliance
Author: Thomas J. Smedinghoff. Language: English. Paperback – 30 Sep 2008
Emerging information security compliance requirements.
While this reliance on technology provides tremendous economic benefits, it also creates significant potential vulnerabilities that can lead to major harm to a company and its various stakeholders. As a result, public policy concerns regarding these risks are driving the enactment of numerous laws and regulations that require businesses to adequately address the security of their own data.
Information Security Law: The Emerging Standard for Corporate Compliance is designed to help companies understand this developing law of information security, the obligations it imposes on them, and the standard for corporate compliance that appears to be developing worldwide. ISO/IEC 27001, the international information security standard, should be read alongside this book.
Emerging global legal framework - and compliance in multiple jurisdictions.
This book takes a high level view of the multitude of security laws and regulations, and summarizes the global legal framework for information security that emerges from them. It is written for companies struggling to comply with several information security laws in multiple jurisdictions, as well as for companies that want to better understand their obligations under a single law. It explains the common approach of most security laws, and seeks to help businesses understand the issues that they need to address to become generally legally compliant.
Specifications
ISBN-13: 9781905356669
ISBN-10: 1905356668
Pages: 190
Dimensions: 140 x 216 x 11 mm
Weight: 0.25 kg
Publisher: It Governance Ltd
Contents
Introduction
Chapter 1: Security basics: The legal perspective
1.1 Definition of information security
1.2 Objectives of information security
1.3 Threats addressed by information security
1.4 Information security controls
Chapter 2: Legal response to security
2.1 Declaring conduct illegal
2.2 Requiring the protection of data
Chapter 3: The general duty to provide security
3.1 The basic obligation
3.2 Where does the obligation come from?
3.3 Who does the obligation apply to?
3.4 What is covered?
3.5 Who is responsible for security?
Chapter 4: The legal standard for compliance
4.1 Recognition that security is relative
4.2 Legal definition of "reasonable security"
4.3 Adoption of the legal definition
Chapter 5: Developing a compliant security program
5.1 Identify information assets
5.2 Conduct a risk assessment
5.3 Select and implement security controls
5.4 Monitor and test the controls
5.5 Review and adjust the program
5.6 Oversee third party service providers
Chapter 6: Security controls to consider
6.1 Physical security controls
6.2 Technical security controls
6.3 Administrative security controls
6.4 Special rules for specific data elements
Chapter 7: The role of standards
7.1 Standards and industry customs
7.2 The legal impact of standards
7.3 ISO27001: Road to global legal compliance?
Chapter 8: Security breach notification
8.1 Objectives of the breach notification laws
8.2 Viewing the laws in perspective
8.3 The breach notification obligation
8.4 International adoption
8.5 What companies need to do
Appendix
A. U.S. federal statutes
B. U.S. state statutes
C. U.S. federal regulations
D. U.S. state regulations
E. U.S. court decisions
F. U.S. FTC decisions and consent decrees
G. U.S. state Attorneys General consent decrees
H. Country laws
ITG Resources
Description
Designed to provide an overview of the law of information security and the standard for corporate compliance that appears to be developing worldwide, this book takes a high-level view of security laws and regulations.