In information security, external rules and regulations often govern your ability to collect information, pursue investigations, and monitor networks, among other activities. To comply with these rules, you can set requirements for protecting your organization, designing new systems and applications, deciding on how long to retain data, or encrypting or tokenizing sensitive data.

In this chapter, I’ll outline some rules that might affect your organization and discuss how to ensure compliance with them.

What Is Compliance?

Simply put, compliance is your adherence to the rules and regulations that govern the information ...

Get Foundations of Information Security now with O’Reilly online learning.
