Regulatory standards for the countries you operate in and exchange data with govern security practices. Some additional regulatory standards apply to certain industries. Health care, federal governments, and financial services are three major sectors that are strictly governed by regulatory compliance. A major aspect of security planning is knowledge of the applicable regulatory standards.
For more information about regulatory requirements in the United States, see Computer Security Resource Center (CSRC) and Federal Information Processing Standards Publications (FIPS PUBS)
For more information about regulatory requirements in Europe, see ECMA International.