ABSTRACT
As any competent engineer knows, one hallmark of a good requirement is that it is testable. Likewise, one property of a good regulation is that compliance can be measured easily and objectively through the use of metrics. Chapter 3 navigates the galaxy of compliance metrics and the security and privacy regulations to which they apply. A brief discussion of the global regulatory environment starts the chapter. Particular attention is paid to the legal ramifications of privacy. Then, 13 current security and privacy regulations are examined in detail, along with the role of metrics in demonstrating compliance. Compliance with internal corporate security and privacy policies is discussed in Chapter 4, under Section 4.5, “Operational Security.”
