Understanding IT compliance and the CISO's role
IT compliance is tasked to CISO executives in a company. They need to ensure that their company is compliant with all the necessary laws, including those listed in this chapter, that govern companies in their jurisdiction. For instance, the PIPEDA laws are Canadian laws that affect all organizations that target Canadian people's information, regardless of where the companies are located. This means that if you sell products to people in Canada or Canadian people can come to your online business and need to provide the business with their personal information, then the PIPEDA laws will apply to the business as well. GDPR works similarly. It is meant to protect EU citizens, regardless of where the business seeking their information is located.
As a CISO executive, it is important to understand the demographics of the business and understand all the laws that apply and that could affect the business, as well as ensure that...
