Compliance with legal requirements
Objective: To avoid breaches of any law, statutory, regulatory or contractual obligation, and of any security requirement.
The design, operation, use and management of information systems may be subject to statutory, regulatory and contractual security requirements. Advice on specific legal requirements should be sought from the organisation's legal advisers or suitably qualified legal practitioners.
Identification of applicable legislation
All relevant statutory, regulatory and contractual requirements, and the organisation's approach to meeting them, should be explicitly defined, documented and kept up to date for each information system.
Intellectual property rights (IPR)
Appropriate controls should be implemented to ensure compliance with relevant legal requirements for the use of copyrighted or trademarked material, including the licence terms of proprietary software products.
Protection of organisational records
Important records of an organisation should be protected from loss, destruction and falsification, in accordance with statutory, regulatory, contractual and business requirements.
Data protection and privacy of personal information
Applications handling personal data should comply with the relevant data protection legislation and principles.
Prevention of misuse of information processing facilities
Information processing facilities should only be used for authorised business purposes, and users should be deterred from using them for any unauthorised purpose.
Regulation of cryptographic controls
Legislation regarding cryptography in all countries where organisational data or information processing facilities may reside should be understood and complied with. This includes restrictions on the import and export of cryptographic hardware and software, restrictions on the use of encryption, and jurisdictions in which authorities may require access to encryption keys or to the plaintext of encrypted information.
The Security Practitioner
An Introduction to Information Security