Read the book The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 54

UNDERSTAND LEGAL AND REGULATORY ISSUES THAT PERTAIN TO INFORMATION SECURITY IN A HOLISTIC CONTEXT

As a CISSP, you must be aware of the legal and regulatory requirements that pertain to information security — both broadly and within your particular industry and/or geographic regions. Having a strong understanding of legal and regulatory issues involves being familiar with the security threats that face information systems as well as the national, state, and local regulations that govern your organization's handling of sensitive data and systems. For both the CISSP exam and the “real world,” you must be familiar with the laws and regulations that govern handling of cybercrimes and data breaches, licensing and intellectual property handling, import/export controls, transborder data flow, and (of course) privacy.

NOTE Misdemeanor and felony are two legal terms that you'll see throughout this section; these two terms describe criminal acts of varying degrees. In U.S. law, a misdemeanor is any “lesser” criminal act that is punishable by less than 12 months in prison. Prison time is often (but not always) substituted with fines, probation, or community service for misdemeanor charges. A felony, under U.S. law, is a more serious criminal offense that carries more serious penalties, including jail time over 12 months (and as high as one's lifetime). In other countries, such as France, Germany, and Switzerland, serious offenses (i.e., “felonies” in the United States) are described as crimes, while less serious offenses are called misdemeanors or delicts. Other countries, such as Brazil, use the term contravention to describe less serious offenses.
