US influence on CISSP exam?

hhasund · November 2017

Hi all,

I recently started my CISSP studies, and after reading through the first domain (Security and Risk Management), I have to ask:
How much is the CISSP influenced by US laws, rules and regulations. I am using Eric Conrads study guide, and the chapter covering the first domain is full of information on the US system.
Fourth Amendment, Rule1001, Evidence and court procedures, HIIPA, SOX, Patriot Act, to name just a few.

Is this something that is a trend throughout the exam, or is it mostly for examples and broader picture stuff?
Do I need to be familiar with all these US rules, regulations, common practices, etc to be able to pass the exam, even though they are completely irrelevant to a Scandinavian like me?

TheFORCE · November 2017

The CISSP is a very broad exam, covering a lot of different areas and regions of the world. To not mention US regulatory bodies or laws would be a dis-service especially when US is one of the biggest countries not only in IT but also in data generation and multi national corporations. If you continue reading, you will find that it also mentions EU regulations just as much.

To answer your question though most likely you wont get any questions for specific US regulations. I got more about EU than US.

beads · November 2017

This was certainly true many years ago but has since been all but written out of the exam for a broader less US-centric exam. ISC(2) has practically bent over backwards not to include much if any US based regulations but as stated above more likely to embrace a more European regulatory model. This was discussed ad nauseum at the time as being good for the exam.

Even back then the most that would be asked of an examinee would have been HIPAA based and those questions have since been moved to the HCISPP. Not much to worry about. SANS on the other hand at one time, not sure now, used to ask alot of very detailed Title and Section of the US Code for GCIH and other exams but likewise probably don't as much now as they once did to please a broader audience. Still good to know your comparative legal systems: Administrative versus Tort law, etc which are going to be true where ever you practice.

- b/eads

kdotnoh · November 2017

The good news is that you will not face even a single question which is based solely on US or EU laws but question on internationaly accepted laws. e.g trot law

hhasund · November 2017

Thank you very much for your input here, it sure is reassuring..

I finished Domain 1 of the Eric Conrad book, and I did feel better as I got further into it.

But today I took the 100 Domain 1 questions from Sybex's Official (ISC)2 Practice tests, and it had at least 18 questions that were exclusively US-related, and several others that were obviously easier if you are American. Seems strange that they would present us with such questions.

Oh well, I trust you guys.

beads · November 2017

There will be a delay from the publishing of a book and the exam itself. Conrad hasn't really changed much from edition to edition just trim around the edge's.

- b/eads

laurieH · November 2017

The material is quite US-centric. But then seeing as so much in IT is it kind of makes sense to be honest. Particularly as the world becomes (even more) connected it's important to have a working knowledge of US related information security topics (this is from a UK contributor before people assume I'm American)!

US influence on CISSP exam?

Comments