Legal and Compliance
In the world of cloud-native software security, understanding the legal and compliance aspects is as crucial as mastering the technical skills. This chapter aims to bridge the gap between these two seemingly disparate areas, providing you, the security engineer, with a comprehensive understanding of the laws, regulations, and standards that govern your work. In the previous chapter, you learned about different techniques for automating security and compliance policies using DevSecOps tools such as Terraform, along with incident response tools. Continuing in that direction, this chapter covers further policies and compliance standards, set out by government bodies across different countries, that tech companies are expected to follow.
By the end of this chapter, you will not only have gained knowledge about the key US privacy and security laws but have also learned how to analyze these laws from a security engineer’s perspective....