Specific Law Questions on CISSP?

Keene44 Member Posts: 1
I'm using Shon's AIO 4th as my primary resource and it goes into some detail on some specific U.S. centered laws. However, I am also using the Official ISC2 book and it contains almost no information on any of these laws except HIPAA, GLB and Patriot Act. Does the CISSP examination expect a thorough understanding of individual laws and their main additions/modifications to previous laws? The CIB does not list the specific laws but does say that the candidate is expected to know which law(s) are applicable to a particular situation/crime.

Shon, in her book, did state that ISC2 was moving away from specific law testing and that the reader should just skim through the material for reference purposes.

I'm just a little confused.



  • unsupported Member Posts: 192
    It is my understanding that ISC2 is moving away from US centric laws. I feel you should have a good grasp of the laws, not just to pass the CISSP but for your career in general. I would recommend you focus on HIPAA, GLB, and Patriot Act. I feel my test in December did contain a fair amount of legal questions, but nothing at a level where I needed to memorize all the details of all the obscure privacy and anti-hacking laws.

    Good luck.

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • JDMurray Admin Posts: 12,878
    The CISSP is an international certification and there are not likely to be any direct questions on specific U.S. laws. However, you do need to understand the information security and privacy laws passed in the USA (Federal and state), the EU, and by other national-level groups (such as the G8). Also know what financial protection standards are for (such as PCI and GLBA).