Law, investigations, ethics: Security incident response management

The CISSP exam covers 10 domains, one of which is law, investigations and ethics. In this section of the CISSP Study Guide, you will ensure your knowledge of law, investigations and ethics and security incident response management.

  Law, Investigations and Ethics  

The CISSP exam covers 10 domains, one of which is law, investigations and ethics. This domain pertains to the legal issues associated with information security, from legal regulations to compliance and investigations.

In order to pass this domain of the CISSP exam, you'll need to know about security incident response management, digital forensics, regulatory compliance and internal security practices. In this section of the CISSP Study Guide, you will ensure your knowledge of law, investigations and ethics and security incident response management by referring to our resources and testing your knowledge with our laws, investigations and ethics security quiz, written by CISSP All-in-one Exam Guide author Shon Harris. Visit our library of study guides to see the other domains.

How to secure the chain of custody in a digital forensics investigation
Digital forensics experts are expensive, which means most customers are turning to service providers to gather evidence and ensure a proper, secure a chain of custody for digital evidence.

In this expert tip, learn best practices for securing a chain of custody to help you improve your methodology for evidence gathering.

Creating a proactive enterprise security incident response program
Every organization should develop a proactive security incident response program to ensure that when an incident does occur, it can be handled quickly and efficiently.

In this tip, contributor Marcos Christodonte II outlines several steps every organization should take to ensure they are equipped to handle every security incident.

Security incident response planning: How to handle a security incident
Researchers have been working on ways companies can effectively address security incidents in a coordinated way.

In this video, Jack Phillips, managing partner of security research firm IANS, talks about how companies can prepare for and appropriately handle a security incident, identifies the typical stakeholders in an incident and discusses when an enterprise should get legal involved.

Security incident response 101: Security incident management and planning
Sometimes the best procedures fail to overcome the stresses in the initial throes of a breach response. In this exclusive video, security consultant Lenny Zeltser explains the importance of an effective security incident response plan and unveils several ways an organization can carry out a well coordinated incident response plan.

Forensic incident response: Integrating a SIM system and an IAM system
Security information management systems (SIMs) and identity management systems are designed to operate independently; by understanding where each technology's integration points are and how to maintain their effectiveness once they're joined, it's possible to create a more effective incident response tool.

Learn how to effectively tie together security information management systems' (SIMs) real-time monitoring and reporting to identity and access management's (IAM) controls in order to provide useful controls and, ultimately, increased information security program effectiveness.

Incident response security plans for advanced persistent threat
Dealing with advanced persistent threats (APT) presents unique challenges. In this short Q&A, which is an excerpt of a recent podcast interview, Michael Malin, executive VP and CFO for Mandiant Corp., and Dave Merkel, Mandiant's VP of products, discuss advanced persistent threats and incident response security and unveil how an incident response program can save your enterprise from advanced persistent threats.

Create a data breach response plan in 10 easy steps
Security professionals have good reason to fear information security breaches, and in turn to create a data breach response plan. However, many chief information security officers (CISOs) find themselves ill equipped to respond to these attacks.

In this tip, Khalid Kark of Forrester Research outlines 10 steps that organizations can take to create and enforce an effective data breach response plan.

Return to the CISSP Study Guide.

About the author
Shon Harris, CISSP, MCSE, is the president of Logical Security, an IT security consulting and training company. She is a former engineer in the Air Force's Information Warfare unit, an instructor and the best-selling author of the previous three editions of this book. Shon has taught computer and information security to a wide range of clients, including RSA, the Department of Defense, the Department of Energy, the National Security Agency and many more.

Dig Deeper on Employee Training and Development for MSPs