CHAPTER |
Access Control Laws, Policies, and Standards |
WHILE MANY ORGANIZATIONS adopt access controls to achieve business objectives, these mechanisms are also adopted for many other reasons. This chapter examines the laws and regulations governing information security and the ways that complying with these regulations drives the use of access controls. This chapter also discusses how organizations use policies, standards, procedures, and guidelines to achieve control objectives.
You will read in this chapter what happens when access controls fail. Security breaches can have serious implications ranging from loss of profitability to fines and prison time. The goal of this chapter is to highlight the important role access control plays in the larger scheme of business, governmental regulation, and the operation of critical infrastructures such as the electricity grid.
This chapter covers the following topics and concepts:
When you complete this chapter, you will be able to: