In the cyber world, computers are heavily used to commit cybercrime. Because organizations wanted to keep these undesirable events from happening again, computer crime law came into being. This is true of all criminal law: laws are created to deter crimes from recurring in the future.
The mindmap below explains computer crimes and their objectives. To protect organizations from computer crime, the U.S. has developed a series of computer crime laws over the years. Refer to the mindmap below for the details.
Every country follows some kind of legal system. The figure below shows the different types of legal system.
Since CISSP focuses mainly on U.S. laws and regulations, we will restrict ourselves to the U.S. We can observe that the U.S. follows the common law legal system. As IT and security professionals, we understand that laws and regulations have a significant impact on how we work and behave day to day. The picture below depicts some of the essential laws covered by the CISSP course content.
Over the last decade, the regulatory environment governing information security has grown increasingly complex. Organisations may find themselves subject to a wide variety of laws, including:
Computer Crime Laws
Intellectual Property Law
Software Licensing Law
In addition, there are requirements imposed by regulatory agencies or by contractual obligations such as PCI-DSS, which is not a law but may be a mandatory condition of doing business (for example, of accepting payment cards). Refer to the screenshot below for more details about PCI-DSS.
Other compliance requirements may include:
Auditing: gathering evidence and finding weaknesses in a system
Reporting: in case there is a breach
Metrics: identifying the effectiveness of your controls and spotting trends
So, who is the weakest element in the security realm? The human.
Who is the biggest culprit in the security realm? The human.
No matter what controls have been deployed in an environment, humans will always find a way to avoid, circumvent, or disable them.
Imagine a situation where that human is one of your own, i.e. an employee. In that case the employee becomes your biggest threat. Therefore it is vital to take the humanity of users into account while designing and deploying security solutions for your environment. Hence, anything that grants extra power and privileges to an employee is considered a significant security risk for an organization.
Refer to the mindmap below, which explains the complete details in the realm of personnel security.
In this blog, we will take a look at the different categories of countermeasure, the types of control, the goals of countermeasures, and their respective cost justification. Refer to the mind map below for complete details.