Section 11.101 Governance Considerations Flashcards
Objective 5.1: Summarise elements of effective security governance. Objective 5.4: Summarise elements of effective security compliance.
Regulatory Considerations
Organisations must comply with various regulations, depending on industry and location
Regulations cover areas such as:
● Data Protection
● Privacy
● Environmental Standards
● Labor Laws
Non-compliance leads to penalties, sanctions, and reputational damage
Legal Considerations
Complement regulatory considerations, encompassing contract, intellectual property, and corporate law
■ Employment laws address minimum wage, overtime, safety, discrimination, and benefits
■ Litigation risks include breach of contract, product liability, and employment disputes
■ Robust legal strategies and resources are needed to manage legal risks
Industry Considerations
Refer to industry-specific standards, practices, and ethical guidelines
■ Not legally binding but influence customer, partner, and regulator expectations
■ Non-adoption may lead to competitive disadvantages and stakeholder criticism
Geographical Considerations
Geographical regulations impact organizations at local, regional, national, and global levels
■ Local considerations include city ordinances, zoning laws, and operational restrictions
■ Regional considerations, like CCPA in California, impose state-level regulations
■ National considerations, e.g., ADA in the US, affect businesses across the entire country
■ Global considerations, like GDPR, apply extraterritorially to organizations dealing with EU citizens’ data
Conflict of laws between jurisdictions is a significant challenge
■ Navigating these differences requires deep legal knowledge and flexibility in governance