Chapter 2

Legal and Regulatory Obligations Regarding Data and Information Security

Abstract

This chapter discusses the historical background, sources, and scope of the current definitive legal standard for information technology security practices at most U.S. companies, regardless of size or industry sector. In addition, this chapter includes discussion of the requirement for a process-oriented written information security program (WISP) and the minimum required elements of a WISP, including the requirements to provide both “reasonable security” and security breach notification.

Keywords

Information security; Security measures; Information technology; Legal; Regulatory; Law; Statute; Compliance; Security breach; Plan; Risk; Best practices

In this ...
