Information Security Management in a Regulation Driven World
Contributed by Christina Freeman
This paper will explore the positive aspects and the challenges to managing information security in a world that is full of regulatory requirements. While the United States has the most requirements, such as Sarbanes Oxley, Payment Card Industry Data Security Standard, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, etc., providing direction for the management of information security in the US, there are many other regulations that affect other countries as well, sometimes in contrast to US requirements. In many other countries there are, at the very least, some type of privacy or personal information protection regulation. In addition to examining these regulatory requirements, I will analyze how these regulatory requirements affect information security management as a whole and how global organizations handle the different regulations in which compliance is required.
This document is in PDF format. To view it click here.