ABSTRACT
For organizations that are not subject to either the FCEA or CSA regulations, proper controls and continuation of service are spelled out in contracts with their customers. All organizations in the public, private, or government sector are therefore required to establish effective computer security policies and procedures either by law, contract, or just plain good business practice.
