October 2022
Intermediate to advanced
398 pages
14h 14m
English
Organizations typically are judged to be in compliance through adherence to internal policies. In other words, policies are not a strict legal interpretation of the law. Security policies are interpretations of legal requirements that lead to compliance.
A law is any rule prescribed under the authority of a government entity. A regulatory agency may be granted the authority under the law to establish regulations. These regulations inherit their authority from the original law.
Consider the distinction between laws, regulations, and security policies as follows:
Laws establish the legal thresholds.
Regulatory requirements establish what an organization has to do to meet the legal thresholds. ...
Read now
Unlock full access