Chapter 3

Statutory and Regulatory GRC

Abstract

Security criteria for governance, risk, and compliance are covered in this chapter, including US federal statutory laws and requirements, federal agency regulatory requirements, and various international and industry standards and requirements.

Keywords

GRC
legal
compliance
governance
regulations

Today’s security world differs markedly from that of the past. All security and corporate managers now need to be concerned with compliance and governance of risk, security, and the use of information in their systems. Over the past 10 years these processes have evolved into an area known as GRC. GRC is an acronym for governance, risk, and compliance and includes corporate considerations of risks, methods, ...
