Back to CISSP (CISSP)

Legal, regulations, investigations and compliance

Laws, investigations, compliance

Security professionals need to have an understanding of legal and regulatory requirements, how to investigate security incidents, and how to ensure compliance with these requirements.
5 minutes 5 Questions

Legal, regulations, investigations and compliance form a critical domain within CISSP, focusing on how organizations manage their information security programs within legal frameworks. Legal aspects involve understanding various laws that affect information security such as intellectual property laws, privacy laws, and computer crime legislation. Security professionals must know how these laws impact data protection, disclosure requirements, and liability issues. Regulations are formalized rules enacted by governmental bodies that organizations must follow. Examples include GDPR for European data protection, HIPAA for healthcare information in the US, SOX for financial reporting, and PCI DSS for payment card processing. Each regulation establishes specific security controls and processes that must be implemented. Investigations refer to the methodical process of examining security incidents. This includes proper evidence collection, preservation, and handling to maintain chain of custody. Digital forensics plays a key role, requiring specialized tools and techniques to recover, analyze, and present digital evidence that may be admissible in court proceedings. Compliance involves demonstrating adherence to applicable laws, regulations, and standards. Organizations implement frameworks like ISO 27001 or NIST CSF to structure their security programs. Compliance management includes regular assessments, documentation of controls, addressing gaps, and preparing for audits. Security professionals must also understand transborder data flow restrictions, data sovereignty issues, and jurisdictional differences in legal requirements. Ethical considerations guide professional conduct, as outlined in codes like the (ISC)² Code of Ethics. This domain requires security professionals to balance legal obligations with business objectives while maintaining appropriate controls to protect information assets. The ability to navigate this complex landscape is essential for effective risk management and organizational governance.

Legal, regulations, investigations and compliance form a critical domain within CISSP, focusing on how organizations manage their information security programs within legal frameworks. Legal aspects…

Concepts covered: Computer Crime Laws, Privacy Laws and Regulations, Intellectual Property Rights, Evidence Handling and Procedures, Ethics in Cyber Security, Security Policies and Procedures, Incident Response and Management, International Law and Cyber Warfare, Digital Forensics, Regulatory Compliance

Test mode:
Start practice test
CISSP - Legal, regulations, investigations and compliance Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

Under international law, which principle is most relevant when considering the use of cyber weapons that cause unintended collateral damage to civilian infrastructure?

Correct Answer: Principle of Proportionality

The Principle of Proportionality is the most relevant principle when considering the use of cyber weapons that cause unintended collateral damage to civilian infrastructure under international law. This principle requires that any military action must be proportional to the military objective and that the expected civilian casualties and damage to civilian objects must not be excessive in relation to the anticipated military advantage. In the context of cyber weapons, this principle is particularly important because these weapons can have wide-ranging and sometimes unpredictable effects on civilian infrastructure. The use of such weapons must be carefully weighed against the potential for unintended harm to civilians and civilian objects. The Principle of Distinction in Armed Conflict, while important, is more focused on distinguishing between combatants and civilians, and between military objectives and civilian objects. It does not directly address the issue of proportionality in relation to collateral damage. The Principle of Military Necessity and Humanity is a broader concept that underlies many aspects of international humanitarian law, but it does not specifically address the issue of proportionality in relation to collateral damage. The Principle of Sovereign Equality of States is a fundamental principle of international law, but it is not directly related to the conduct of hostilities or the use of weapons in armed conflict.

Question 2

What is an indemnification clause in a contract?

Correct Answer: A provision that requires one party to compensate the other for any losses or damages incurred

An indemnification clause is a provision in a contract that requires one party to compensate the other for any losses or damages incurred as a result of the contract or the actions of one or both parties.

Question 3

What is the purpose of anti-money laundering (AML) regulations?

Correct Answer: To prevent the financing of illegal activities through the banking system

AML regulations are designed to prevent the financing of illegal activities, such as drug trafficking and terrorism, through the banking system. They require financial institutions to establish and maintain compliance programs to detect, prevent, and report suspicious activity.

Go Premium

CISSP Preparation Package (2025)

  • 4537 Superior-grade CISSP practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless CISSP preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Legal, regulations, investigations and compliance questions
133 questions (total)
Start 100 question test