CISSP in 21 Days

You're reading from CISSP in 21 Days: Boost your confidence and get the competitive edge you need to crack the exam in just 21 days!

Product type: Paperback
Published in: Jun 2016
ISBN-13: 9781785884498
Length: 402 pages
Edition: 2nd Edition
Author: M. L. Srinivasan

Compliance

Information security breaches over the past two decades have led countries to introduce new security-related legal and regulatory frameworks, or to update existing ones with security-related compliance provisions. Requirements to comply with legal and legislative frameworks have increased sharply because of the global nature of the Internet, cross-border information exchange, electronic commerce, and online services. Compliance frameworks are full of terms and jargon that a security professional should be aware of. Following are some of the legal and regulatory frameworks and terms that are relevant to the Information Security domain.

Legislative and regulatory compliance

Common law is law developed from the decisions of courts and tribunals rather than from statutory law (legislative statutes). A legal system that relies on common law is called a common law legal system. Countries such as the United Kingdom, the United States of America (most of the states in the USA), Canada, Australia, South Africa, India, Malaysia, Singapore, and Hong Kong follow common law.

Three categories are generally recognized under common law:

  1. Regulatory law, also called administrative law, primarily deals with the regulations of administrative agencies of the government.
  2. Criminal law deals with violations of government laws. Criminal charges are filed by government agencies against an individual or an organization. Punishment under criminal law includes imprisonment as well as financial penalties.
  3. Civil law deals with lawsuits filed by private parties, such as corporations or individuals. Punishments under this law are financial damages, punitive damages, or both.

Statutory law, also called legislative statute or statute law, is law set down by the legislature or the executive branch of the government. In certain instances, statutory law is also termed codified law.

Religious law refers to legal systems based on religious principles. Examples include Hindu, Islamic, and Christian law.

Civil law, as a legal system, is based on codes and legislative statutes, as opposed to common law. France, Germany, and many other countries in the world follow civil law. Note that the term is therefore used in two senses: there is a civil law category within the common law system, and there is also the civil law system itself.

Privacy requirements in compliance

Privacy is the protection of Personally Identifiable Information (PII) about individuals, or of Sensitive Personal Information (SPI) that can be used to identify a person in the context of a group. Privacy protection covers disclosure, or selective disclosure, of such information according to the individual's preferences.

The National Institute of Standards and Technology (NIST) has published a guide to protecting the confidentiality of personally identifiable information, NIST Special Publication 800-122. As per the guide, PII is defined as any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Privacy laws deal with protecting and preserving the rights of an individual's privacy.

A few examples of privacy laws in the United States include the following:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Financial Services Modernization Act (GLB), 15 U.S. Code: 6801-6810
  • Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313

In the UK, examples include the following:

  • Data Protection Act 1998 (United Kingdom)
  • Data Protection Directive (European Union)

Licensing and intellectual property

Intellectual Property (IP) refers to creative works of the intellect, that is, of the mind: music, literary works, art, inventions, symbols, designs, and so on fall under intellectual property. The creator of such intellectual work has certain exclusive rights over the property. These exclusive rights are called Intellectual Property Rights (IPR).

Intellectual property law is a legal domain that deals with Intellectual Property Rights (IPR).

Following are some IPR-related terms:

  • Copyright: This is an intellectual property right that grants exclusive rights to the creator of an original work, such as deriving financial benefit from the work, ownership credit, and so on. Others do not have the 'right to copy' such work. Copyright is country-specific.
  • Patent: This is a set of exclusive rights granted to the inventor of a new, useful, inventive, and industrially applicable invention. This right excludes others from making, using, selling, or importing the invention. Patents are granted for a specific period of time. A patent is a public document.
  • Trademark: This is a unique symbol or mark used by individuals or organizations to uniquely represent a product or a service. A trademark is also used to distinguish an entity's products and services from those of other entities.
  • Trade secret: This is a formula, design, process, practice, or pattern that is not revealed to others, in order to protect the information from being copied and to retain a competitive advantage.