Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 5. Developing a Compliant Security Program - Pg. 72

CHAPTER 5: DEVELOPING A COMPLIANT SECURITY PROGRAM Implementing legally-compliant "reasonable security" requires the development of an appropriate comprehensive information security program. While much has been written about developing an information security program from a technical perspective, this chapter will focus on the legal requirements. As noted in Chapter 4, developing a legally-compliant information security program involves an iterative process that requires that a company do the following: · Identify its information and system assets. · Conduct periodic risk assessments to: identify the specific threats to those assets the company faces,