IT Legal Regulations Investigations and Compliance




Hello and welcome to Lesson 9 of the CISSP Certification Course by SimpliLearn! This lesson is about Legal, Regulations, Investigations and Compliance.

Legal, Regulations, Investigations and Compliance is one of the ten domains of the Common Body of Knowledge (CBK) for the CISSP certification exam.

The Legal, Regulations, Compliance, and Investigations domain addresses computer crime laws and regulations; the investigative measures and techniques that can be used to determine whether a crime has been committed; methods to gather evidence if it has; and the ethical issues and code of conduct for the security professional. Incident handling provides the ability to react quickly and efficiently to malicious technical threats or incidents. The focus is on concepts and internationally accepted methods, processes, and procedures. It is important to highlight the international focus at the very beginning. This lesson will avoid in-depth discussions of country- or region-specific laws, legislation, and regulations. Although some regional examples are presented to clarify certain discussion points, these are limited to emphasizing principles common across most, if not all, jurisdictions.


According to the (ISC)² Candidate Information Bulletin, a CISSP candidate is expected to know the methods for determining whether a computer crime has been committed, the laws that would be applicable for the crime, the laws prohibiting specific types of computer crime, methods to gather and preserve evidence of a computer crime, investigative methods and techniques, and ways to address compliance.


The agenda for this lesson is as follows:

We begin with an overview of Computer Crimes. Major Legal Systems will be discussed next. This will be followed by Intellectual Property Law, Privacy, Incident Response, Investigations and Compliance.

Finally, we will discuss the (ISC)² Code of Ethics.