Chapter 5. Developing a Compliant Security Program

Implementing legally-compliant “reasonable security” requires developing an appropriate, comprehensive information security program. While much has been written about developing an information security program from a technical perspective, this chapter focuses on the legal requirements.

As noted in Chapter 4, developing a legally-compliant information security program involves an iterative process that requires that a company do the following:

  • Identify its information and system assets.

  • Conduct periodic risk assessments to:

    ✓ identify the specific threats to those assets the company faces,

    ✓ identify its vulnerabilities to those threats, and

    ✓ estimate the resulting harm if a threat materializes ...
