Discussion Post: Policy & Regulations
Security requirements are often closely tied to regulations that governments impose on organizations that hold any type of private, personal, or sensitive data. An effective security policy must address and enforce regulatory requirements for a given industry and jurisdictions where an organization operates. Having a good handle on what regulations apply where can become quite complex for a business headquartered and doing business in its home country while providing services internationally via its websites. While your situation may vary regarding the reach and complexity of your organizational experience, you will encounter the need to parse out legal language into functional requirements.
1) Identify an existing company or organization you're familiar with or that you have researched. What products or services does it provide? What types of secure information would this entity hold? Where does it conduct its business or services? What regulations hold its actors accountable to the sensitive data in its keep?
2) What types of security policies and controls would you recommend to comply with the regulations and to uphold information security for this organization?
The response must include a reference list. Using Times New Roman 12 pnt font, double-space, one-inch margins, and APA style of writing and citations.