Compliance
Compliance is adherence to the rules and regulations that govern the information you handle and the industry within which you operate.
- Compliance fulfills a business need rather than any technical security need
- compliance ≠ security
Types of Compliance
Regulatory compliance is your adherence to the laws specific to the industry in which you’re operating.
- mandated by government
Industry compliance is adherence to regulations that aren’t mandated by law, but set by industry organizations.
- can nonetheless have severe impacts upon your ability to conduct business
- E.g., PCI DSS compliance