Chapter 3

Statutory and Regulatory GRC

Abstract

Security criteria for governance, risk, and compliance are covered in this chapter, to include US federal statutory laws and requirements, federal agency regulatory requirements, and various international and industry standards and requirements.

Keywords

GRC

legal

compliance

governance

regulations

Today’s security world includes a major change from the past. All security and corporate managers now need to be concerned with compliance and governance of risks, security, and the information usage in their systems. These processes have evolved over the past 10 years into an area known as GRC. GRC is an acronym for governance, risk, and compliance and includes corporate considerations of risks, methods, ...

Get Security Controls Evaluation, Testing, and Assessment Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Security Controls Evaluation, Testing, and Assessment Handbook by Leighton Johnson

Statutory and Regulatory GRC

Abstract

Keywords

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly