Chapter 13 Information Security Governance
by Joanna Lyn Grama
Legal and Privacy Issues in Information Security, 3rd Edition
- Cover
- Title Page
- Copyright Page
- Contents
- Dedication
- Preface
- Acknowledgments
- About the Author
- Chapter 1 Information Security Overview
- Why Is Information Security an Issue?
- What Is Information Security?
- Basic Information Security Concepts
- What Are Common Information Security Concerns?
- What Are the Mechanisms That Ensure Information Security?
- U.S. National Security Information
- Do Special Kinds of Data Require Special Kinds of Protection?
- Chapter Summary
- Key Concepts and Terms
- Chapter 1 Assessment
- Endnotes
- Chapter 2 Privacy Overview
- Why Is Privacy an Issue?
- What Is Privacy?
- How Is Privacy Different from Information Security?
- What Are the Sources of Privacy Law?
- What Are Threats to Personal Data Privacy in the Information Age?
- What Is Workplace Privacy?
- What Are General Principles for Privacy Protection in Information Systems?
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- Endnotes
- Chapter 3 The American Legal System
- Chapter 4 Security and Privacy of Consumer Financial Information
- Business Challenges Facing Financial Institutions
- The Different Types of Financial Institutions
- Consumer Financial Information
- Who Regulates Financial Institutions?
- The Federal Reserve System
- Federal Deposit Insurance Corporation
- National Credit Union Administration
- Office of the Comptroller of the Currency
- Special Role of the Federal Financial Institutions Examination Council
- Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
- The Gramm-Leach-Bliley Act
- Federal Trade Commission Red Flags Rule
- Payment Card Industry Standards
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Endnotes
- Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
- Chapter 6 Security and Privacy of Health Information
- Business Challenges Facing the Healthcare Industry
- Why Is Healthcare Information So Sensitive?
- The Health Insurance Portability and Accountability Act
- The Role of State Laws Protecting Medical Records
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment
- Endnotes
- Chapter 7 Corporate Information Security and Privacy Regulation
- The Enron Scandal and Securities-Law Reform
- Why Is Accurate Financial Reporting Important?
- The Sarbanes-Oxley Act of 2002
- Compliance and Security Controls
- SOX Influence in Other Types of Companies
- Corporate Privacy Issues
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Endnotes
- Chapter 8 Federal Government Information Security and Privacy Regulations
- Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
- Chapter 10 Intellectual Property Law
- The Digital Wild West and the Importance of Intellectual Property Law
- Legal Ownership and the Importance of Protecting Intellectual Property
- Patents
- Trademarks
- Copyright
- Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Endnotes
- Chapter 11 The Role of Contracts
- Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
- Chapter 13 Information Security Governance
- What Is Information Security Governance?
- Information Security Governance Documents
- Recommended Information Security Policies
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- Endnotes
- Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
- Chapter 15 Computer Forensics and Investigations
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Appendix C Law and Case Citations
- Appendix D The Constitution of the United States of America
- Glossary of Key Terms
- References
- Index
© mirjanajovic/DigitalVision Vectors/Getty Images
Information Security Governance
THIS CHAPTER DISCUSSES information security governance. It also discusses information security policies. An organization’s governance structure is an important part of its information security program. Governance focuses on the structure used to protect resources and data. This structure must support business needs and provide security. Strong governance helps create strong security programs.
Organizations use policies, standards, guidelines, and procedures to create their security program. These documents help guide employee conduct and state the organization’s rules for how information technology resources are secured. They also help protect an organization from legal liability.
Chapter 13 Topics
This chapter covers the following topics and concepts:
- What information security governance is
- What information security governance documents are
- What recommended information security policies are
- What some case studies and examples are
Chapter 13 Goals
When you complete this chapter, you will be able to:
- Describe the key concepts and terms associated with information security governance
- Describe the goals of different information security governance documents
- Describe the different types of policies that can be used to govern information security
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.