2.4 Compliance/Governance

Most mid-to-large organizations have a department devoted to ensuring compliance with policies, particularly organizations in regulated sectors such as banking, transportation, and health care. This department is often called either the compliance or the governance department. Its function is to oversee and audit the software and processes that the organization develops, uses, and/or performs, to ensure they adhere to the rules. The department interacts with, and is sometimes integrated into, the development and operations groups. It also helps prevent insider threats through several initiatives, particularly those concerning cybersecurity and regulatory requirements, and with the help of threat modeling tools.

Given ...
