CISSP For Dummies

In This Chapter

• Understanding major categories and types of laws

• Knowing the major categories of computer crime

• Researching U.S. and international laws that pertain to information security

• Handling investigations, forensics, evidence, and incident response

• Knowing basic ethical standards

Overview

Similar to police officers, information security professionals are expected to determine when a computer crime has occurred, secure the crime scene, and collect any evidence - to protect and to serve! In order to perform these functions effectively, the CISSP candidate must know what a computer crime is, how to conduct an investigation and collect evidence, and understand what laws may have been violated. Additionally, CISSP candidates are required to adhere to the (ISC) ² Code of Ethics and must be able to apply these principles to resolve ethical dilemmas.

Further, CISSP candidates are expected to be familiar with the laws and regulations that are relevant in their country and industry. This could include national laws, local laws, and any laws that pertain to the type of activity performed by the organization.