The ThorTeaches CISSP, CISM, and CC blog!

Get certification updates, tips, tricks, sales, and much more!


CISSP certification: Rules, laws and regulations (US).

Rules, Regulations and Laws you should know for the exam (US):

  • HIPAA (Not HIPPA) – Health Insurance Portability and Accountability Act.
    • Puts strict privacy and security rules on how PHI (Personal Health Information) is handled by health insurers, providers and clearinghouse agencies (claims).
    • HIPAA has 3 rules – Privacy rule, Security rule and Breach Notification rule.
    • The rules mandate Administrative, Physical and Technical safeguards.
    • Risk Analysis is required.
  • Security Breach Notification Laws.
    • Not federal: 48 states have individual laws; know the one for your state (none in Alabama and South Dakota).
    • They normally require organizations to inform anyone whose PII was compromised.
    • Many have an encryption clause: lost data that was encrypted may not require disclosure.
  • Electronic Communications Privacy Act (ECPA):
    • Protection of electronic communications against warrantless wiretapping.
    • The Act was weakened by the Patriot Act.
  • PATRIOT Act of 2001:
    • Expands law enforcement electronic monitoring capabilities.
    • Allows search and seizure without immediate disclosure.
  • Computer Fraud and Abuse Act (CFAA) – Title 18 Section 1030:
    • Most commonly used law to prosecute computer crimes.
    • Enacted in 1986 and amended in 1989, 1994, 1996, 2001, 2002 (PATRIOT Act), and 2008 (Identity Theft Enforcement and Restitution Act).
  • Payment Card Industry Data Security Standard (PCI-DSS) – Technically not a law, created by the payment card industry.
  • Gramm-Leach-Bliley Act (GLBA):
    • Applies to financial institutions; driven by the Federal Financial Institutions Examination Council (FFIEC) and enforced by its member agencies (OCC, FDIC, FRB, NCUA, and CFPB).
    • Enacted in 1999, requires protection of the confidentiality and integrity of consumer financial information.
  • Sarbanes-Oxley Act of 2002 (SOX):
    • Directly related to the accounting scandals of the late 1990s.
    • Mandates standards for the financial reporting of publicly traded companies.
    • Intentional violations can result in criminal penalties.
