Legal and regulatory issues.
As IT Security Professionals, we need to understand that laws and regulations have a huge influence on how we work.
We need to know some of them and understand how the rest work.
- There are 4 types of laws covered on the exam that are also important to your job as an IT Security Professional.
  - Criminal Law:
    - “Society” is the victim and proof must be “beyond a reasonable doubt”.
    - Incarceration, Death and Financial fines to “Punish and Deter”.
  - Civil Law (Tort Law):
    - Individuals, groups or organizations are the victims and proof must be “the Majority of Proof”.
    - Financial fines to “Compensate the Victim(s)”.
  - Administrative Law (Regulatory Law):
    - Laws enacted by Government Agencies (FDA Laws, HIPAA, FAA Laws, etc.). Proof must be “More likely than not”.
  - Private Regulations:
    - Compliance is required by contract (for instance, PCI-DSS).
- Criminal Law: