Security Congress Abstract
Law can be confusing, and sometimes lawyers don't make it any easier for non-lawyers to understand. Legal and regulatory requirements for information security are increasing and becoming more complex. There has been an evolution of laws and regulations pertaining to information security, and understanding the past helps predict the future trajectory. Information security risk is now tied to legal risk, and understanding both, and underlying evolving legal principles, allows businesses to make good decisions to protect their information assets, reputation and legal position. Without a doubt, misunderstandings result in poor decisions. Information security professionals need to understand basic legal principals and requirements, and this talk helps frame the issues.