Security Policies and Implementation Issues, 3rd Edition by Robert Johnson, Chuck Easttom

The term compliance refers to how well an individual or business adheres to a set of rules. Security policy compliance means adhering to security policies. It is difficult to know whether an organization complies with every security policy. To state that an organization is compliant, you must be able to validate that the requirements within security policies have been applied to security controls and information. Difficulties arise due to the sheer volume of digital information. Even a relatively small business with only a few hundred employees could have tens of thousands of files. These files travel between servers, desktops, laptops, backup media, universal serial bus (USB) drives, and more. The issue becomes even ...