CISSP - The law section

CyberCop123 Member Posts: 338
NOTE: I've seen similar threads to this but have 1-2 specific questions and just want some reassurance and guidance.


I recently started my CISSP studies. It's all going fairly well and I've just read the law chapters, which were difficult to say the least. I'm based in the UK and so pretty much all of the laws I've never heard of. I understand why they're important though.

My question really is, I have heard that on the CISSP exam they avoid asking any specific law questions. I know that HIPAA seems important, and the Patriot Act, and 1-2 others. Realistically, I cannot learn all these laws and I also think my brain capacity and time would be better focused on other parts of the syllabus.

Did others take this approach?

Did you have a general understanding of the types of things to consider - e.g. about privacy, private information, the types of laws around the misuse of computers?

Any thoughts?

My Aims
2017: OSCP -
2018: CISSP -
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
           GIAC GREM - Reverse Engineering of Malware -

2021: CCSP
2022: OSWE (hopefully)


  • Resonate! Member Posts: 23
    Hello, the exam appeared to be asking adequate questions on Regulations and not deeply US specific. Don't overthink this and consider the mostly recognized laws in the industry if you only want to know what you need for the test.
  • soccarplayer29 Member Posts: 230
    I can't say how many or a % of questions on the exam will be laws/regulations related but I agree with your tactic of reviewing them at a cursory level and not getting bogged down in the weeds over them. Since reading and digesting that material might be tough I'd suggest watching some short videos (youtube/cybrary) which will hopefully help and give you the right level of detail on these.

    CISSP isn't a test on these laws (there are other industry-specific certifications which are more geared towards that) but the CBK does include some common regulations which security professionals may encounter while performing their job duties.
    Certs: CISSP, CISA, PMP
  • the_Grinch Member Posts: 4,165
    I recall very few law and regulation questions when I took it.
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • mattster79 Member Posts: 135
    I’m based in the UK too and had the same concerns before I sat the exam.

    What I did was remember a high level overview of each law. That was enough to get me through. IIRC, I had a few law questions but they weren’t that difficult.
  • H-bomb Member Posts: 129
    I wouldn’t really stress too much about US specific laws.
  • greennc939 Member Posts: 10
    As others have said - I took the exam not too long ago and think that you should just take a cursory look through the list of US regulations covered in Eric Conrad's guide and just know what they are - but otherwise I wouldn't worry about the specifics.
  • laurieH Member Posts: 109
    I'm also UK based. However I work in the legal area so I did my best to grasp as much of it as I could. I wouldn't discount anything from the exam in terms of what you expect. But having said that you do have to be realistic in terms of what you expect to be able to recall. For example I gave up with the various key lengths of all the different types of encryption and some of the cable specifications because I realised that I couldn't realistically memorise it all.
    CCNA - expired
    CISSP - live n' kickin'
    My CISSP study apps
    My CISSP study advice blog