ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance

Sorry in advance for the misleading image…  But I love Judge Dredd!

In NO way should these notes be used as your sole source of study for the CISSP exam. These notes completely lack things that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.

ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance (You are here)
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security

Law Types

Common Law/Case Law: Precedent set by judges

Criminal Law: Protection of society

  • Criminal Penalties: Punishment and deterrence
  • Burden of Proof: Beyond reasonable doubt
  • Felony: Serious.  Misdemeanor: Not as Serious.

Civil Law: Wrongful act against an individual or organization

  • Civil Penalties: Compensatory, Punitive or Statutory damages
  • Burden of Proof: Preponderance of evidence

Liability & Due Care

  • Liability test: Was the cost of the safeguard lower than the estimated loss it would have prevented? If so, failing to implement it can be negligent.
  • Good faith: Acting honestly, with the intention of doing what should be done.
  • Due Care: Conduct of a reasonable (prudent) person in the given situation; actually implementing the controls.
  • Due Diligence: The investigation, review and continuing oversight that supports and demonstrates due care.

Administrative Law

  • Regulations issued by government agencies that govern major industries (eg banking and health)

International Law

  • No universal cooperation; different interpretations between countries; extradition may be required
  • Civil Law systems: Based on written statutes and constitutions rather than precedent. Religious Law: eg Sharia. Pluralistic Law: A mix of the previous systems.

Computer Crime

  • Business Attacks: Businesses are not always good at defending themselves
  • Financial Attacks: Motivated by greed
  • “Fun” Attacks: Thrill seekers and notoriety
  • Grudge Attacks: Revenge
  • Ideological: Hacktivism may use DDoS
  • Military & State: APT, financed and funded

 

Laws Applicable to Computer Crime

(Computer crimes are often prosecuted under existing, non-computer-specific laws, eg fraud or theft.)

Intellectual Property: Worldwide rights and enforcement

  • Patents: Documented invention, 20 years of protection from filing (older US patents: 17 years from grant)
  • Trademark: Distinguishes an organization or product
  • Copyright: An original work
  • Trade Secrets: Genuine and non-obvious, gives a competitive advantage, must be reasonably protected

Privacy & Data Protection

  • Data must be collected fairly and be valid for the stated purpose
  • US Federal Privacy Act of 1974
    • Information held by federal agencies may only be shared with written permission
  • US Health Insurance Portability & Accountability Act (HIPAA) 1996, Privacy Rule in force 2003
    • Applicable to insurers, data processors (clearing houses) and health care providers
  • US Gramm-Leach-Bliley Act (GLBA)
    • Financial privacy rule, safeguards rule and pretexting provisions
  • UK Data Protection Act (DPA)
    • Enforced by the ICO (Information Commissioner's Office)
  • Payment Card Industry Data Security Standard (PCI-DSS)
    • Contractual payment card standard, not a law
    • Self assessment questionnaires and quarterly network scans
    • Six goals: secure network, protect card holder data, vulnerability management, access control, monitor and test, information security policy

 

Investigations

Forensics: Collection, preservation and analysis of evidence so that it remains admissible

Investigation: Determine what happened and who is responsible

Investigation and Incident Handling: Often conducted simultaneously

Direct Evidence: Testimony based on the witness's own observation

Real or Physical: Objects from the actual crime

Documentary Evidence: Copies or originals of records

Demonstrative Evidence: Illustrates or explains other evidence; expert opinion (based on speciality) or non-expert (based on facts)

Best Evidence: Original and unaltered

Secondary Evidence: Duplicate or copy, eg a tape backup

Corroborative Evidence: Supports other evidence

Conclusive: Cannot be contradicted

Circumstantial: Not necessarily connected; requires inference

Hearsay Rule: Second-hand evidence is not normally admissible (business records kept in the normal course of operations are a common exception)

Chain of Custody & Evidence Lifecycle

  • Who, what, where, when, how: record every collection, transfer, analysis and storage of the evidence
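The hash check and custody record described above, as an added example that is not part of the original notes: the item identifier, names and the "disk image" bytes are constructed for illustration. Each ledger entry is chained to the previous one by hash, so an edited or deleted entry is detectable, and the hash taken at seizure lets you prove a working copy (secondary evidence) is bit-identical to the original (best evidence).

```python
"""Added example: chain-of-custody ledger with integrity checks.

Not code from the original notes. Item IDs, names and evidence bytes are
constructed sample data.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Canonical hash of an entry, excluding its own entry_hash field."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class CustodyLedger:
    """Append-only who/what/where/when/how log for one evidence item."""

    def __init__(self, item_id: str, evidence: bytes):
        self.item_id = item_id
        self.evidence_hash = sha256_hex(evidence)  # fingerprint taken at seizure
        self.entries = []

    def record(self, who: str, what: str, where: str, how: str, when=None) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "item_id": self.item_id,
            "who": who, "what": what, "where": where, "how": how,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "prev_hash": prev,
        }
        entry["entry_hash"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

    def ledger_intact(self) -> bool:
        """True only if every entry hashes correctly and links to its predecessor."""
        prev = GENESIS
        for e in self.entries:
            if e["prev_hash"] != prev or entry_digest(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def copy_matches_original(self, working_copy: bytes) -> bool:
        """Secondary evidence is only as good as its match to the best evidence."""
        return sha256_hex(working_copy) == self.evidence_hash


def demo() -> dict:
    # Constructed sample: pretend these bytes are a seized disk image.
    original = b"\x33\xc0\x8e\xd0 boot code ... user data: invoice.xls ..."
    ledger = CustodyLedger("EXH-001", original)
    ledger.record("PC Smith", "Seized laptop disk", "Office 4B",
                  "Write-blocked imaging, sealed bag #1234",
                  when=datetime(2013, 11, 25, 9, 0, tzinfo=timezone.utc))
    ledger.record("Analyst Jones", "Received for analysis", "Forensics lab",
                  "Seal checked intact, signed handover form")

    good_copy = bytes(original)                      # verified working copy
    bad_copy = original.replace(b"invoice", b"INVOICE")  # altered copy

    results = {
        "ledger_intact": ledger.ledger_intact(),
        "good_copy_matches": ledger.copy_matches_original(good_copy),
        "tampered_copy_matches": ledger.copy_matches_original(bad_copy),
    }

    # Someone quietly rewrites the seizure location after the fact:
    ledger.entries[0]["where"] = "Unknown"
    results["ledger_intact_after_edit"] = ledger.ledger_intact()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In practice the ledger would be signed or stored append-only by a system the investigators cannot write to directly, but the hash chain alone is enough to show that "who, what, where, when, how" cannot be edited silently.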

Conducting an Investigation

1) Detect and Contain

2) Notify Management

3) Preliminary Investigation

4) Decide whether it should be disclosed (law enforcement, regulators, affected parties)

5) Investigation (MOM: Motive, Opportunity, Means): Suspects, Witnesses and Search

6) Report

Incident Handling (Response)

Prepare in advance:

1) Procedures

2) Responsibilities

3) Available Resources

4) Logical Review

When an incident occurs:

1) Determine whether an incident has actually taken place

2) Notify the right people (management, legal, law enforcement where appropriate)

3) Contain the incident

4) Assess the damage

5) Resume normal operations

6) Evaluate response effectiveness (lessons learned)

Written by gyp - November 25, 2013 - 4384 Views
Tags | cissp, isc, qualification, revision, security
