ISC2 published the 3rd edition of their CISSP CBK in late 2012. I ordered my copy in December 2012 and said, “So what’s new in Legal?”

All quoted material in this article is from the “Official (ISC)2 Guide to the CISSP® CBK Third Edition.”

Generally, with respect to all the domains, ISC2 and the authors of the 3rd Edition have placed emphasis (by bolding, bullet-pointing, or indenting) on some of the material that was in the 2nd Edition. You can take that for what it is worth.

Here are the things that I found different in Legal, Regulations, Investigations and Compliance.

  • Ethics has been move from Information Security Governance and Risk Management domain to this domain.
  • A new section has been added on “Ensure security in contractual agreements and procurement processes (e.g. cloud computing, outsourcing, vendor governance)”
  • New sections have also been added on “Import/Export” and “Trans-Border Data Flow”
  • In the section on “Privacy” there is a bulleted list. The 6th bullet point is actually a new paragraph, but somehow it got a bullet instead. That’s the one that starts reading “There should be a general policy….”
  • The seven principles from the Europe Directive on Data Protection have new titles and definitions. The text alludes to them being EU specific, however, what I found was that the material listed is actually the “Safe Harbor Privacy Principles” issued by the U.S. Department of Commerce on July 21, 2000 and in which DoC specifically states, “The Principles were developed in consultation with industry and the general public to facilitate trade and commerce between the United States and European Union. They are intended for use solely by U.S. organizations receiving personal data from the European Union for the purpose of qualifying for the safe harbor and the presumption of “adequacy” it creates.

    Because the Principles were solely designed to serve this specific purpose, their adoption for other purposes may be inappropriate. The Principles cannot be used as a substitute for national provisions implementing the Directive that apply to the processing of personal data in the Member States.” (SOURCE: )

  • A new section entitled “Media Analysis” has been added which talks to the process of obtaining evidence from media.
  • Still another new section in evidence entitled “Hardware/Embedded Device Analysis” has been added which talks to the analysis of mobile devices such as smart phones or personal digital assistants (PDAs).
  • The final new section entitled “Understand Compliance Requirements and Procedures includes sections on:
    • Regulatory Environment
    • Audits
    • Reporting

As always, InfoSec is updating the courseware to reflect this new material and re-sequencing of the Legal, Regulations, Investigations, and Compliance domain.

Want to learn more?? The InfoSec Institute CISSP Training course trains and prepares you to pass the premier security certification, the CISSP. Professionals that hold the CISSP have demonstrated that they have deep knowledge of all 10 Common Body of Knowledge Domains, and have the necessary skills to provide leadership in the creation and operational duties of enterprise wide information security programs.

InfoSec Institute's proprietary CISSP certification courseware materials are always up to date and synchronized with the latest ISC2 exam objectives. Our industry leading course curriculum combined with our award-winning CISSP training provided by expert instructors delivers the platform you need in order to pass the CISSP exam with flying colors. You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time you take it. Some benefits of the CISSP Boot Camp are:

  • Dual Certification - CISSP and ISSEP/ISSMP/ISSAP
  • We have cultivated a strong reputation for getting at the secrets of the CISSP certification exam
  • Our materials are always updated with the latest information on the exam objectives: This is NOT a Common Body of Knowledge review-it is intense, successful preparation for CISSP certification.
  • We focus on preparing you for the CISSP certification exam through drill sessions, review of the entire Common Body of Knowledge, and practical question and answer scenarios, all following a high-energy seminar approach.