Compliance Law Requirements and Business Drivers

The System/Application Domain refers to the software needed to collect, process, and store information. Securing it involves more than protecting communication between the end user and the data the software uses, because it is ultimately software that collects, processes, and stores data. Handling data safely is not just good business practice; it is mandated by laws, rules, and regulations (LRR). Ensuring that software complies with LRRs is important to avoid fines and meet regulator expectations.

Let’s illustrate this point by examining the common software feature of encryption. Many laws mandate and strongly encourage the use of encryption to protect the confidentiality of data. For example, the Health Insurance ...
