ABSTRACT

Numerous laws have been put in place governing information security. In some cases, these laws overlap, adding to the complexity for the security officer attempting to build a one-size-fits-all information security program. This chapter provides a brief synopsis of some of the key laws that have driven information security in recent years, as well as some of the high-level controls that are required. It provides an executive guide to the information security laws impacting information security decisions. The legal staff must be involved in contracts for services or products from other organizations to ensure that the appropriate information security language is included. The Safeguards Rule of the Gramm-Leach-Bliley Act requires the development of a written information security plan that must protect the financial information of current and past clients. The primary purpose of the Federal Information Security Management Act of 2002 is to provide a comprehensive framework for ensuring the effectiveness of security controls over information resources that support federal operations and assets.