Legal Training for New CISSP Exam | CPE Too

The information security world is in turmoil. For infosec professionals, the adoption of smart legal practices is becoming more urgent.

Keeping with the times, the CISSP exam -- and related CPE requirements -- are being refreshed as of April 15, 2015. (CISSP stands for Certified Information Systems Security Professional.)

Cyber Threats Rise


The refresh reflects the alarming new reality of information security around the globe. 2014 was a banner year for data breaches and cyber attacks: Home Depot, Sony Pictures Entertainment, Community Health Systems, et al. And already for 2015 we’ve seen records breached for 80 million people at health insurer Anthem.
As a consequence of this bad news, lawsuits are becoming more common and government audits & investigations are becoming more intrusive. For example, in the wake of the Sony Pictures attack, former employees of Sony have sued the company for allowing their personal information to be exposed.

CISSP Exam Covers Legal Issues


In this context the CISSP exam is changing. Among the topics in the exam are:

  • Law
  • Compliance
  • Regulations
  • Privacy
  • Policy
  • Investigations
  • Evidence
  • Ethics

These are all topics I address in a five-day bootcamp, “Law of Data Security and Investigations,” taught at the SANS Institute. SANS and I have been delivering and updating this course -- known as LEGAL 523 -- for many years. This course has served many hundreds of students from around the world.

Like the CISSP exam, the course embraces both old (timeless) lessons and new lessons. Through the years, the process of teaching the class -- engaging with smart students -- has improved my understanding of the topic; it has helped me refine the material, iteration after iteration.

LEGAL 523 is unique in the world. I am aware of no other course that seriously competes with it. It is taught by a practicing lawyer, who has years of experience. He devotes his professional life to keeping up with the latest developments, such as New Jersey’s new law S.562 that (more or less) requires health insurers to encrypt personally identifiable information.

SANS LEGAL 523 | Law of Data Security and Investigations

By Benjamin Wright


Note: LEGAL 523 is not a cram course for the CISSP exam. It aims to teach all professionals (CISSPs, lawyers, auditors, investigators, penetration testers, managers and others) how to cope with the most pressing legal risks in data security and data investigations.