Over the last few years, several government agencies, the healthcare industry, and major retailers have reported the theft of personal information of millions of consumers and employees. Yet all of those organizations were most likely required to have compliant and effective information security programs. Organizations that fail to follow regulatory requirements can end up paying substantial fines. Information security programs are built around security control frameworks, including compliance audits. The class will examine relevant policies and regulations along with auditing practices. Topics covered include auditing standards and ethics, privacy, intellectual property, and legal issues in cyberspace. Specific policies and regulations include information security governance, the Sarbanes-Oxley Act, consumer financial regulations such as the Gramm-Leach-Bliley Act and the Payment Card Industry Data Security Standard, healthcare regulations such as the Health Insurance Portability and Accountability Act, and other relevant federal and state regulations.