Information Security Law: The Emerging Standard for Corporate Compliance by Thomas J. Smedinghoff

Chapter 5. Developing a Compliant Security Program

Implementing legally compliant “reasonable security” requires the development of an appropriate, comprehensive information security program. While much has been written about developing an information security program from a technical perspective, this chapter will focus on the legal requirements.

As noted in Chapter 4, developing a legally compliant information security program is an iterative process that requires a company to do the following:

  • Identify its information and system assets.

  • Conduct periodic risk assessments to:

    ✓ identify the specific threats to those assets the company faces,

    ✓ identify its vulnerabilities to those threats, and

    ✓ estimate the resulting harm if a threat materializes ...