In a global online economy, organizations are tasked with protecting their cybersecurity assets. Penalties for failing to protect assets, such as customer data, can severely harm an organization and even lead to bankruptcy. Cybersecurity governance programs need to be aware of the laws and regulations affecting their organizations and use applicable standards or frameworks to develop appropriate cybersecurity policies and controls. Compliance programs then need to monitor policy compliance on a continuing basis. This chapter discusses the laws, regulations, and standards that are used to create cybersecurity policies and the typical tools used to measure compliance. In addition, theoretical cybersecurity compliance research is reviewed to highlight supplementary techniques to improve compliance.
ASJC Scopus subject areas
- Computer Science(all)