ABSTRACT
The goal of this chapter is not to specifically analyze all the legal implications of laws or regulations on the organization’s environment but rather to specify how to evaluate the capacity of the organization to create a suitable framework for the performance of information security compliance related activities.
