  1. Senior Member
    Join Date
    Feb 2017
    Posts
    198
    #1

    CISSP - The law section

    NOTE: I've seen similar threads to this but have 1-2 specific questions and just want reassurance and guidance.

    Hi,

    I recently started my CISSP studies. It's all going fairly well and I've just read the law chapters, which was difficult to say the least. I'm based in the UK and so pretty much all of the laws I've never heard of. I understand why they're important though.

    My question really is, I have heard that on the CISSP exam they avoid asking any specific law questions. I know that HIPAA seems important, and the Patriot Act, and 1-2 others. Realistically, I cannot learn all these laws and I also think my brain capacity and time would be better focused on other parts of the syllabus.

    Did others take this approach?

    Did you have a general understanding of the types of things to consider - e.g. about privacy, private information, the types of laws around the misuse of computers?

    Any thoughts?

    Thanks,
    Cybercop
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    in progress

    Possible Others: OSCE, MCSA





  3. Junior Member
    Join Date
    Aug 2016
    Posts
    21
    #2
    Hello, the exam appeared to be asking adequate questions on regulations and not deeply US specific. Don't overthink this and consider the most recognized laws in the industry if you only want to know what you need for the test.

  4. Senior Member
    Join Date
    Feb 2015
    Location
    The Interwebs
    Posts
    211

    Certifications
    PMP, CISSP, CISA
    #3
    I can't say how many or a % of questions on the exam will be laws/regulations related but I agree with your tactic of reviewing them at a cursory level and not getting bogged down in the weeds over them. Since reading and digesting that material might be tough, I'd suggest watching some short videos (YouTube/Cybrary) which will hopefully help and give you the right level of detail on these.

    CISSP isn't a test on these laws (there are other industry-specific certifications which are more geared towards that) but the CBK does include some common regulations which security professionals may encounter while performing their job duties.

  5. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    4,004

    Certifications
    BS-CST MLS CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #4
    I recall very few law and regulation questions when I took it.
    WIP:
    Python
    Java

  6. Senior Member
    Join Date
    Apr 2015
    Location
    UK
    Posts
    127

    Certifications
    CISSP, CISM
    #5
    I’m based in the UK too and had the same concerns before I sat the exam.

    What I did was remember a high level overview of each law. That was enough to get me through. IIRC, I had a few law questions but they weren’t that difficult.

  7. Member H-bomb's Avatar
    Join Date
    Oct 2015
    Posts
    79

    Certifications
    CASP, CCSK, SSCP, ITIL, Security+
    #6
    I wouldn’t really stress too much about US specific laws.

  8. Junior Member
    Join Date
    Nov 2016
    Posts
    6
    #7
    As others have said - I took the exam not too long ago and think that you should just take a cursory look through the list of US regulations covered in Eric Conrad's guide and just know what they are - but otherwise I wouldn't worry about the specifics.

  9. Member
    Join Date
    May 2017
    Posts
    76

    Certifications
    CISSP
    #8
    I'm also UK based. However, I work in the legal area so I did my best to grasp as much of it as I could. I wouldn't discount anything from the exam in terms of what you expect. But having said that, you do have to be realistic in terms of what you expect to be able to recall. For example, I gave up with the various key lengths of all the different types of encryption and some of the cable specifications because I realised that I couldn't realistically memorise it all.
