Chapter . Introduction
Information security, once viewed as being solely within the domain of the IT department, is now a key issue for many businesses and organisations. Industry regulations, legal requirements, media coverage of information security incidents and a growing demand from clients that companies better manage and secure the information within their care have forced information security out of the IT department and into the boardroom.
Companies are now faced with the dilemma of ensuring their information is secure enough to satisfy their business needs and is also compliant with various legal and regulatory requirements, such as the Data Protection Act, Basel II or the US Sarbanes-Oxley Act.
Information security is not solely about ...