Chapter 4. The Legal Standard for Compliance
The general obligation to provide security for data is often simply stated in the law as an obligation to provide “reasonable” or “appropriate” security designed to achieve certain objectives. In some cases, statutes and regulations define those objectives in terms of positive results to be achieved, such as ensuring the availability of systems and information, controlling access to systems and information, and ensuring the confidentiality, integrity, and authenticity of information.[1] In other cases, they define those objectives in terms of the harms to be avoided – e.g. to protect systems and information against unauthorized access, use, disclosure or transfer, modification or alteration, processing, ...
Get Information Security Law: The Emerging Standard for Corporate Compliance now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.