Chapter 3. Maintaining Compliance

Many laws and regulations are in place regarding the protection of IT systems. Companies are required to comply with the laws that apply to them. The first step is to understand the laws. You're not expected to be a lawyer, but you should understand the basics of relevant laws.

Once you have an idea of which laws and regulations apply, you can then dig in deeper to ensure your organization is in compliance. Noncompliance can sometimes be expensive. Fines can be in the hundreds of thousands of dollars. Some offenses can result in jail time.
