Читать книгу Linux Security Fundamentals - David Higby Clinton - Страница 18

Besides the moral obligation to protect your users and organization from harm, you will probably also need to ensure that your infrastructure configurations meet legal and regulatory requirements. One particularly prominent set of laws is the European Union’s General Data Protection Regulation (GDPR). The GDPR affects any organization that processes data that is sent either to or from the European Union (EU). Failure to appropriately protect the privacy and safety of protected data moving through EU territory can result in significant—even crippling—fines.

Other regulatory systems that might, depending on where and how your organization operates, require your compliance include the Payment Card Industry Data Security Standards (PCI-DSS) administered by major international credit card companies and the US government’s Health Insurance Portability and Accountability Act (HIPAA).