Page 255 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 4
Laws, Regulations, and Compliance
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 1: Security and Risk Management
1.3 Determine compliance requirements
1.3.1 Contractual, legal, industry standards, and regulatory requirements
1.3.2 Privacy requirements
1.4 Understand legal and regulatory issues that pertain to information security in a global context
1.4.1 Cyber crimes and data breaches
1.4.2 Licensing and intellectual property requirements
1.4.3 Import/export controls
1.4.4 Trans-border data flow
1.4.5 Privacy
The world of compliance is a legal and regulatory
jungle for information technology (IT) and cybersecurity
professionals. National, state, and local governments have all passed
overlapping laws regulating different components of cybersecurity in a
patchwork manner. This leads to an incredibly confusing landscape for
security professionals who must reconcile the laws of multiple
jurisdictions. Things become even more complicated for multinational

