ABSTRACT

A variety of laws and regulations have surfaced over the past decade in an attempt to strengthen the security of information held by the companies to which those information assets are entrusted. As a result of these laws, various security control “standards” and “frameworks” have evolved and become popular means of meeting their requirements. Since laws and regulations are intentionally written at the higher, “what needs to happen” level rather than the “how to secure the information” level, the standards and control frameworks become valuable tools for ensuring that security is planned, organized, implemented, tested, and monitored.