Laws, Regulations, Compliance

Every country follows some kind of Legal system. Below figure shows different types of Legal system.

Since CISSP discuss more on U.S. Laws and Regulation; hence we will restrict our-self to U.S. only. We can observe that the U.S. follow “Common Legal System”.
As an IT professional / Security professional; we understand that Laws and regulations have a significant impact on “How we work & behave day to day”. Hence below picture depicts some of the essential laws as covered by CISSP course content.

Over the last decade, the regulatory environment governing information security has grown increasingly complex. Organisations may find themselves subject to a wide variety of below laws

  1. Computer Crime Laws
  2. Intellectual Property Law
  3. Software Licensing Law
  4. Import/Export Law
  5. Privacy Law

Also, some regulations imposed by regulatory agencies or contractual obligations such as PCI-DSS, which could be a mandate to run your Business efficiently. Refer to below screenshot to know more details about PCI-DSS.

There could be other regulatory compliance such as
Auditing – For gathering shreds of evidence, finding the weakness in a system
Reporting – In case there is a “Breach.”
Metrics – To identify the effectiveness of your control & trend identification.