Understanding and Assessing the Impact of Legal and Compliance Issues on an Organization
An organization must know which laws and regulations apply to it, because noncompliance can have serious consequences: some laws impose hefty fines on an organization, some can result in jail time, and some can negatively affect an organization’s ability to do business. Once the pertinent laws and regulations have been identified, the organization needs to ensure that it is in compliance with them.
In this context, compliance is a mitigation control. Controls are implemented to mitigate risk, which they do by reducing or neutralizing threats or vulnerabilities to an acceptable level.
For example, Health Insurance Portability and Accountability Act (HIPAA) fines ...