Posted by: Robert Davis
Categorically, security implies protection while privacy implies confidentiality. Laws and regulations have been enacted throughout the world addressing either or both areas, as well as intellectual property and contracts. Compliance with laws and regulations is considered essential to avoid the risk of legal prosecution, which may bring various penalties and fines if an employee or organizational formation is convicted of breaching proclaimed unacceptable behavior. For most entities, this means systematizing standard practices that cover the regulatory spectrum and decreasing legal compliance complexity.