The ThorTeaches CISSP, CISM, and CC blog!

Get certification updates, tips, tricks, sales, and much more!


CISSP certification: Rules, laws and regulations (US).

Rules, Regulations and Laws you should know for the exam (US):

  • HIPAA (not HIPPA) – Health Insurance Portability and Accountability Act (1996).
    • Puts strict privacy and security requirements on how PHI (Protected Health Information) is handled by covered entities: health plans/insurers, healthcare providers, and healthcare clearinghouses (claims processors), as well as their business associates.
    • The three rules to know: the Privacy Rule, the Security Rule, and the Breach Notification Rule.
    • The Security Rule mandates administrative, physical, and technical safeguards for electronic PHI.
    • A documented risk analysis is required.
  • Security Breach Notification Laws:
    • NOT federal: each state has its own law, so know the one for your state. (Alabama and South Dakota were the last two to enact one, in 2018; all 50 states now have one.)
    • They normally require organizations to notify anyone whose PII was compromised, usually within a set time frame.
    • Many include an encryption safe harbor: lost or stolen data that was encrypted (and whose key was not also compromised) may not require disclosure.
  • Electronic Communications Privacy Act (ECPA) of 1986:
    • Protects wire, oral, and electronic communications against warrantless interception (wiretapping) and regulates government access to stored communications.
    • Its protections were weakened by the PATRIOT Act.
  • USA PATRIOT Act of 2001:
    • Expands law enforcement's electronic monitoring and surveillance powers.
    • Allows delayed-notice ("sneak and peek") search and seizure, i.e. searches without immediate disclosure to the target.
  • Computer Fraud and Abuse Act (CFAA) – 18 U.S.C. § 1030:
    • The most commonly used federal law for prosecuting computer crimes (accessing a protected computer without authorization, or exceeding authorized access).
    • Enacted in 1986 and amended in 1989, 1994, 1996, 2001 (PATRIOT Act), 2002, and 2008 (Identity Theft Enforcement and Restitution Act).
  • Payment Card Industry Data Security Standard (PCI DSS) – technically not a law but a contractual standard, created and maintained by the payment card industry (the PCI Security Standards Council) and enforced through the card brands and acquiring banks.
  • Gramm-Leach-Bliley Act (GLBA):
    • Applies to financial institutions; examination guidance comes from the Federal Financial Institutions Examination Council (FFIEC) and enforcement from its member agencies (OCC, FDIC, FRB, NCUA, and CFPB), with the FTC covering non-bank financial institutions.
    • Enacted in 1999; its Privacy Rule and Safeguards Rule require protection of the confidentiality and integrity of consumer financial information.
  • Sarbanes-Oxley Act of 2002 (SOX):
    • A direct response to the accounting scandals of the late 1990s and early 2000s (Enron, WorldCom).
    • Mandates standards for the financial reporting and internal controls of publicly traded companies; Section 404 makes management responsible for internal controls, which is where IT general controls and security come in.
    • Intentional violations can result in criminal penalties, including prison time.
