TABLE OF CONTENTS | Do Not Practice Law Without a License | In virtually every U.S. state, individuals are legally prohibited from practicing law without a license. For example, in Colorado, practicing law is defined, by law, to include, counseling, advising and assisting [another] in connection with legal rights and duties. Penalties for the unauthorized practice of law in Colorado can include fines or imprisonment. Information security consultants should not, under any circumstances, purport to advise customers as to the legal implications of statutes such as the HIPAA, Gramm-Leach-Bliley financial information privacy provisions, or other federal, state, or local laws or regulations. First, the consultants risk legal action against them by doing so. Second, they do their customers a grave disservice by leading them to believe that the customers can take any legal comfort from advice given them by non-lawyers. |
This chapter provides the framework for creating an overarching corporate Information Technology (IT) security project plan. In subsequent chapters, we ll step through Individual Security Area Projects (ISAPs). This and subsequent chapters are intended to be used as templates to guide you through your security project planning process. There is no one-size-fits-all approach to any security project planning process; thus, you will need to modify your security project plan to fit your organization s requirements. This chapter provides the basic building blocks to help you get started. As you read this chapter, keep in mind that the same principles apply, with some variation, to each of the ISAPs discussed later in this book. As you become...
