
Domains of CISSP: Legal, Regulations, Compliance and Investigations

The Legal, Regulations, Compliance and Investigations domain addresses computer crime laws and regulations, the investigative measures and techniques which can be used to determine if a crime has been committed, and methods to gather evidence.

Incident handling provides the ability to react quickly and efficiently to malicious technical threats or incidents.

The candidate will be expected to know the methods for determining whether a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; investigative methods and techniques to gather and preserve evidence of a computer crime; and ways to address compliance.

Key Areas of Knowledge

  • Understand legal issues that pertain to information security internationally
    • Computer crime
    • Licensing and intellectual property (e.g., copyright, trademark)
    • Import/Export
    • Trans-border data flow
    • Privacy
  • Understand and support investigations
    • Policy
    • Incident handling and response
    • Evidence collection and handling (e.g., chain of custody, interviewing)
    • Reporting and documenting
  • Understand forensic procedures
    • Media analysis
    • Network analysis
    • Software analysis
  • Understand compliance requirements and procedures
    • Regulatory environment
    • Audits
    • Reporting



About this author:


Frank is a leading trainer in IT Security.
