This document discusses laws, regulations, ethics, and professional organizations related to information security. It covers the differences between laws and ethics, types of laws, relevant US laws including the Computer Fraud and Abuse Act and laws around privacy like HIPAA. Organizational liability, policies versus laws, and the need for legal counsel are also addressed. The goal is to help information security practitioners understand the legal environment and minimize risks.