Security Compliance
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Compliance reporting: internal vs. external
- Consequences of non-compliance
- Compliance monitoring: due diligence, due care, attestation, automation
- Privacy: roles, rights, ownership, inventory, and retention
Non-compliance consequences and how they bite
| Consequence | Source | Typical example | Primary mitigation |
|---|---|---|---|
| Fines | Statutory/regulatory | GDPR penalty up to 4% of global annual turnover | Maintain documented controls + breach reporting |
| Sanctions | Regulator/government | Operating restrictions or mandated remediation order | Demonstrate due diligence via monitoring evidence |
| Loss of license | Licensing body | Healthcare or financial license suspended | Continuous attestation against the licensing standard |
| Contractual impacts | Customer/partner contract | SLA penalties, contract termination, indemnity claims | Map controls to contractual security clauses |
| Reputational damage | Public/market | Customer churn and lost deals after a disclosed breach | Transparent reporting + rapid, documented response |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- NIST Glossary: attestation Whitepaper
- NIST Cybersecurity Framework 2.0 (Govern function) Whitepaper
- CompTIA Security+ (SY0-701) certification and exam objectives
- Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5) Whitepaper
- NIST Glossary: personally identifiable information (PII) Whitepaper
- Guide to Protecting the Confidentiality of PII (SP 800-122) Whitepaper
- NIST Privacy Framework Whitepaper