Infosec Policies and Standards in the Private Sector
Application of information security standards and policies can be better defined in industries and organizations that must comply with specific regulations.
As more industries become regulated, and as the regulations themselves become standardized into common practice, pressure grows on nonregulated industries to conform their practices as well.
Legal theory in the United States is heavily tilted toward establishing what is "reasonable," so it is best for every organization to align its practices with common practice where possible.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
Describe the relationship between information security standards organizations and the creation of internal information security policy within private sector organizations.
Identify how the adoption of standards and the creation of policy must be carried out within the context of the core business goals and objectives of an organization.
Explain how the information security professional can ensure that there is adequate consideration and approval for diverging from common practice in situations where that is necessary.