ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
Sorry in advance for the misleading image… But I love Judge Dredd!
[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam. These notes lack things completely that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.[/alert]
ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance (You are here)
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security
Law Types
Common Law/Case Law: Precedent set by judges
Criminal Law: Protection of society
- Criminal Penalties: Punishment and deterrence
- Burden of Proof: Beyond reasonable doubt
- Felony: Serious. Misdemeanor: Not as Serious.
Civil Law: Wrongful act against an individual or organization
- Civil Penalties: Compensatory, Punitive or Statutory damages
- Burden of Proof: Preponderance of evidence
Liability & Due Care
- Legal Requirements: Cost of safeguard vs estimated loss
- Good faith: What should we do
- Due Care: Conduct of a reasonable person in the given situation
- Due Diligence: Execution of due care
Administrative Law
- Conduct governing major industries (eg banking and health)
International Law
- No universal cooperation, different interpretations, extraditions
- Civil Law: States and constitutions. Religious Law: eg Sharia. Pluralistic Law: A combination of the previous.
Computer Crime
- Business Attacks: Businesses are not always good at defending themselves
- Financial Attacks: Motivated by greed
- “Fun” Attacks: Thrill seekers and notoriety
- Grudge Attacks: Revenge
- Ideological: Hacktivism may use DDoS
- Military & State: APT, financed and funded
Laws Applicable to Computer Crime
(Computer crimes may also be prosecuted under non-computer-related laws.)
Intellectual Property: Worldwide rights and enforcement
- Patents: Documented property, 17 or 20 year protection
- Trademark: Distinguishes organization or product
- Copyright: An original work
- Trade Secrets: Genuine and non-obvious, competitive advantage, reasonably protected
Privacy & Data Protection
- Must be collected fairly and valid for stated purpose
- US Federal Privacy Act of 1979
- Information may only be shared with written permission
- US Health Insurance Portability & Accountability (HIPAA) 1966 & 2003
- Applicable to insurers, data processors and health care providers
- US Gramm-Leach-Bliley Financial Markets Act (GLBA)
- Financial privacy rules, safeguards and pretexting
- UK Data Protection Act (DPA)
- Enforced by the ICO
- Payment Card Industry Data Security Standard (PCI-DSS)
- Payment card industry standards, not laws
- Self Assessment and network scans
- Secure network, protect card holder data, vulnerability management, access control, monitor and test, info sec policy
Investigations
Forensics: Conducting crime investigation
Investigation: Determine what happened and who is responsible
Investigation and Incident Handling: Often conducted simultaneously
Direct Evidence: Testimony based on observation
Real or Physical: Objects from an actual crime
Documentary Evidence: Copies or originals of records
Demonstrative Evidence: Expert (based on specialty) or non-expert (based on facts)
Best Evidence: Original and unaltered
Secondary Evidence: Duplicate or copy, eg a tape backup
Corroborative Evidence: Supports other evidence
Conclusive: Can’t be denied
Circumstantial: Not necessarily connected
Hearsay Rule: Not normally admissible
Chain of Custody & Evidence Lifecycle
- Who, what, where, when, how
Conducting an Investigation
1) Detect and Contain
2) Notify Management
3) Preliminary Investigation
4) Should it be disclosed?
5) Investigation (MOM: Motive, Opportunity, Means): Suspects, Witnesses and Search
6) Report
Incident Handling (Response)
1) Procedures
2) Responsibilities
3) Available Resources
4) Logical Review:
   1) Determine if it’s taken place
   2) Notify people?
   3) Contain the incident
   4) Assess the damage
   5) Resume normal operations
   6) Evaluate Response Effectiveness