LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,700 courses taught by industry experts.

Legal, regulatory, and industry

Legal, regulatory, and industry

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Legal, regulatory, and industry

“

- [Narrator] Your internal policies are a great place to start when building out your list of software security requirements, but you don't want to stop there. You should also consider the influence of external requirements on your software security efforts. Generally speaking, those external requirements are likely to fall into one of three categories: legal, regulatory, and industry. While these categories are similar in the fact that they're all external to your organization, each one has its own nuances. Legal requirements are those defined by federal, state, or local governments. The requirements tend to be broadly applicable based on where your organization operates, and they often revolve around certain data types. The Sarbanes-Oxley Act of 2002 was designed to ensure transparency and accountability for publicly traded companies in the United States. Any company who sells stock must prove at least annually that they're in compliance with this law. Failure to comply with legal…

Contents