Laws, Regulations, Compliance

Every country follows some kind of legal system. The figure below shows the different types of legal system.

Since the CISSP focuses mainly on U.S. laws and regulations, we will restrict ourselves to the U.S. only. We can observe that the U.S. follows the “Common Law” legal system.
As IT and security professionals, we understand that laws and regulations have a significant impact on how we work and behave day to day. Hence the picture below depicts some of the essential laws covered by the CISSP course content.

Over the last decade, the regulatory environment governing information security has grown increasingly complex. Organisations may find themselves subject to a wide variety of laws, including the following:

  1. Computer Crime Laws
  2. Intellectual Property Law
  3. Software Licensing Law
  4. Import/Export Law
  5. Privacy Law

There are also regulations imposed by regulatory agencies, and contractual obligations such as PCI-DSS, which may be mandatory for running your business. Refer to the screenshot below for more details about PCI-DSS.

There could be other regulatory compliance requirements, such as:

  1. Auditing – for gathering evidence and finding weaknesses in a system
  2. Reporting – in case there is a breach
  3. Metrics – to measure the effectiveness of your controls and identify trends
