What Must Your Organization Do to Be in Compliance?

Organizations are typically judged to be in compliance through adherence to their internal policies. In other words, policies are not a strict legal interpretation of the law; security policies are the organization's interpretation of legal requirements, and following them is what leads to compliance.

A law is any rule prescribed under the authority of a government entity. A regulatory agency may be granted the authority under the law to establish regulations. These regulations inherit their authority from the original law.

Consider the distinction between laws, regulations, and security policies as follows:

  • Laws establish the legal thresholds.

  • Regulatory requirements establish what an organization has to do to meet the legal thresholds. ...

Get Auditing IT Infrastructures for Compliance, 3rd Edition now with the O’Reilly learning platform.