Читать книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Страница 198

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

 Domain 1.0: Security and Risk Management1.4 Determine compliance and other requirements1.4.1 Contractual, legal, industry standards, and regulatory requirements1.4.2 Privacy requirements1.5 Understand legal and regulatory issues that pertain to information security in a holistic context1.5.1 Cybercrimes and data breaches1.5.2 Licensing and Intellectual Property (IP) requirements1.5.3 Import/export controls1.5.4 Transborder data flow1.5.5 Privacy

The world of compliance is a legal and regulatory jungle for information technology and cybersecurity professionals. National, state, and local governments have all passed overlapping laws regulating different components of cybersecurity in a patchwork manner. This leads to an incredibly confusing landscape for security professionals, who must reconcile the laws of multiple jurisdictions. Things become even more complicated for multinational companies, which must navigate the variations between international law as well.

Law enforcement agencies have tackled the issue of cybercrime with gusto in recent years. The legislative branches of governments around the world have at least attempted to address issues of cybercrime. Many law enforcement agencies have full-time, well-trained computer crime investigators with advanced security training. Those who don't usually know where to turn when they require this sort of experience.

In this chapter, we'll cover the various types of laws that deal with computer security issues. We'll examine the legal issues surrounding computer crime, privacy, intellectual property, and a number of other related topics. We'll also cover basic investigative techniques, including the pros and cons of calling in assistance from law enforcement.