CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:25):
Good morning everybody.
It's Sean Griber with CISSPCyber Training and hope you all
are having a beautifully blessedday today.
Today is Monday, and we aregoing to be focused on the
various aspects related to theCISSP as far as training goes.
And today's focus is 1.5 orunderstanding legal and
regulatory issues that pertainto information security.

(00:47):
Obviously, the ultimate goal isto understand how some of these
legal and regulatory issuescould impact you.
One from a cybersecuritystandpoint, and two for taking
the test, right?
Because the ultimate goal is youwant to pass the CISSP exam, and
we want to give you the toolsand skills you need to do such a
thing.
But true to form, we're going tostart just like we always do
with some news in the cyberworld that we're seeing and some

(01:11):
things that you need to be awareof related to that.
Okay, this is from Dark Reading,and this is around the CISO and
the COO, a partnership forprotecting operational
excellence.
So the reason I try to bring upsome of these higher level kind
of articles, uh, one is thatthere's a lot of people that
talk about all the differentvulnerabilities that are out
there, but I also want to kindof bridge that gap between the

(01:34):
cybersecurity world and theoperational world.
And as you're studying for theCISSP, you know that you guess
what?
You're gonna have to understandall of these various concepts
related to management and to theoverall cybersecurity posture.
So the key idea here around thisarticle is that the CISOs and
the COOs must partnerproactively because

(01:54):
cybersecurity now directlyaffects all operational
continuity and performance.
And I've seen this professionpersonally in my world is where
you have to work with the COO.
Now, if you're not sure what theCOO is, it's the chief operating
officer for your company andthey deal with all the
operations that goes on.
And they're the ones when itcomes to operations for an
organization, that comes down tomoney.

(02:16):
If you have money, if yourcompany is making money, the COO
is usually in charge of that.
So you working directly with theCOO as a cybersecurity
representative is an importantpart in almost anything that you
do.
Because the reason is a lot ofthese situations, you have
shared risks, right?
So example would be ransomware.
And this could disrupt yourproduction, your supply chains,

(02:37):
your revenue, and overall yourcustomer service.
And that's where the COO livesand dies, is in that space.
And so it's important for you asa CISO to be able to do that or
as a cybersecurity professional.
Now I call out the CISO becausethat's just the title given to
it, but your organization, likewe've mentioned many times at uh
CISSP Cyber Training, may be anorganization that doesn't have

(02:57):
an air quotes CISO, but you mayhave someone that is very
similar, a position that's quitesimilar to it.
It could be a vice president ofcybersecurity, it could be a
vice president of uh IT, any ofthose pieces.
You might be wearing multiplehats at your organization, but
you should have a really strongrelationship with your COO
because of these operationalrisks that could happen.

(03:18):
Now you need to have alignmentbefore the overall crisis
occurs.
And this includes regulardialogue, ensuring that both
sides understand the criticalprocesses, and that is a big
one.
Do you understand both criticalprocesses within your
organization?
One as a CISO and two as theoperations person.
And then having that partnershipbetween two organizations is a

(03:39):
strong, strong way to be able touse to protect your company.
And we talk about adding valueto your organization.
I did that when I was workingwith that very large
multinational, the CokeIndustries.
We had to understand who is ouroperational person and then what
how do they make money?
What are the best criticalaspects around it?
It was an important part of whatwe did.

(03:59):
And so, therefore, you have tohave these relationships with
these folks.
Now, I will say that it dependsupon the size of your
organization and how connectedthey are to cyber, that might be
a little harder in some casesjust because they don't
understand it.
Therefore, it's up to you to getsmart on what they do.
If you get smart on what they doand how they do their business,
you and that comes down tolearning the language on how

(04:22):
they talk about money.
What are the different termsthat they use, right?
So you've got uh Ebada, you'vegot um the various aspects
around tax structures, you'vegot income streams, you've got
all the pieces that they wouldtypically want to know from a
financial standpoint, you needto know what those mean in
relation to the cybersecurityspace as well.

(04:44):
Now, again, you need to also,when you're building this with
them and you're working throughthis, you need to really look at
some joint crisis planning.
And this is where the tabletopscome into play.
Having a good tabletop andhaving a good plan around that
tabletop will do wonders forbuilding those relationships.
And I would tell you thatsometimes these operational
folks go, I don't have time forthis.

(05:06):
But all they have to do is showthem a few of these situations
where ransomware is a factor.
Now I will tell you if theydon't want to learn this stuff,
your operational teams, and theyreally truly just don't care
about what cyber does, they'rejust trying to do their daily
activities.
This is a piece of kind ofcareer advice.
Uh depending upon the companyyou're with, you may not want to
stay there.
And the reason I say that isbecause if you don't have

(05:29):
support now, if something wereto bad were to happen, uh you
definitely will not havesupport.
You you think they will.
They'll support you to get theprocess and the things fixed,
but what will end up happeningpotentially is they will throw
you under the bus once it's allover with.
Now, that may be okay with you.
That's that's something you haveto choose.
Uh, but if you don't have aRoger relationship with your COO
or your senior leadership, uhyou may want to consider looking

(05:52):
for a new employment at adifferent place.
And again, we've talked aboutthis over and again.
The best time to look for a jobis when you have one.
So if you are in the, you're notreal sure if that's someplace
you need to be.
I was talking to one of mystudents earlier this week, uh,
and she mentioned the point thatshe's like, I just don't know if
I want to stay here.
It's hard to, I don't know if Iwant to do this.
And I basically had a chat withher and saying, hey, Margie, you

(06:14):
know what?
If based on your situation, uh,I would start looking for
something else.
And but I said the best time tolook is when you have a job.
So no hurry, no pressure, butget yourself in a situation so
that you want to do somethingdifferent.
Now she wants to be a securityarchitect, or she is a security
architect, she's actually a veryin a very prominent financial
institution, and she but shewants to move on.

(06:37):
She always wants to have theultimate job as being the CISO,
but she doesn't know if that'swhat she really wants to do.
And I said, hey, you know what?
There's architect jobs out theregalore.
And if you wanted to do that andmove into it into a different
role and then move up with thatcompany, you can do it,
especially if you're stillyoung.
So the point of it comes down tois a long way around saying
build a relationship with yourCOO and your senior management.

(06:59):
If you don't have thatrelationship with them, then
maybe consider something elsedifferent.
Uh, then outcome again, a matureCISO and COO partnership
improves your resilience,continuity, and response
effectiveness.
It most definitely and surelydoes.
So it's an important part foryou to understand related to all
of that.
All right, so that's all we'vegot for the news today.
But real quickly, before we getstarted on today's topic, we're

(07:23):
gonna quickly grow over CISSPCyber Training.
Yes, at CISSP Cyber Training,you can get all the content that
you need to pass a CISSP examthe first time.
I've got gobs of videos, I'vegot tons of audio, I've got all
the questions you could need.
There's by over 2,000 questionsthat are there.
I've got a 20 250 point orquestion test that's coming out

(07:44):
here real soon.
Uh, it is packed andeverything's available for you
at CISSP Cyber Training.
Again, go check it out.
And the best part is well, Idon't know if it's the best
part, but it's an option.
It's a differentiator betweenthe other folks that are
offering this, is you can getdirect access to me.
I can help you as being yourpersonal coach and walking
through this.
I also can help you in yourcybersecurity roles, uh, just

(08:07):
like I did with Margie.
The ultimate goal is to help youget your CISSP done, but that is
step one.
We want to help you with youroverall career and help you
maximize the amount of money youcan make or the amount of impact
you can have with your companyand your life.
So again, go out and check outCISSP Cyber Training.
Okay, so let's get into whatwe're gonna talk about today.

(08:28):
Okay, so this is over domainone, 1.5.
Understand legal and regulatoryissues that pertain to
information security.
So, what are some of thesethings that you have to deal
with?
Well, guess what?
They continue to grow, but we'regonna get into some key topics
that you will probably have todeal with at some point in time
in the near future, especiallyif you're a security

(08:48):
professional, if you have notalready done so.
So there's categories of law.
We have different types of law.
We have a criminal law, we havecivil law.
So we're gonna first talk aboutthis and how they play out.
Now, criminal law is designed topreserve the peace, keep society
safe.
That's where you have policepeople, right?
That's the ultimate goal.
You have murder, assault,robbery, arson, all those things

(09:09):
fall within the criminal lawpiece that could cause chaos and
pandemonium in a civil society.
So therefore, you do thosethings, you will be fined as a
criminal.
These include penalties,community service.
Could just go as far as thedeath penalty, depending upon
what you do.
This includes uh computer orcybercrime.
Uh, the cybercrime, my wife andI were watching a show on TV,

(09:32):
and they had a cut, this younglady decided she was going to
break into somebody's email withjust getting access to the
password, downloading all theemails, and then going and
saying, uh looking ateverything.
Well, yeah, she's a young lady,wants to be a doctor.
You know, again, this is a TVdrama.
Oh my goodness.
Well, she's gonna go to jail andbreak a lot of big rocks into
little rocks at some point intime.

(09:52):
Yes, when she gets caught,because yes, she will get caught
because it's a show, but theyalways get caught.
But in most cases, everybodygets caught.
They do at some point in time.
You make a mistake and you getbusted.
Civil law, this is where it'sthe bulk of the body of laws,
and these are designed toprovide orderly society, right?
So you only have so manymurderers, rapists, and bad
people out there, right?
I mean, most people think badly,but not everybody actually acts

(10:15):
on it.
So the bulk of the laws arearound civil laws, and these are
designed to provide an orderlysociety, following the same
process, though, as the criminallaw.
Now, this difference isenforcement.
Law enforcement is not used incivil law unless it's used to
keep order, i.e., if there'ssomething against you, like you
have a restraining order orsomething against you, and then

(10:36):
the police have to be called inbecause you're going overboard.
Now that can happen, right?
But in the most cases, the lawenforcement is not involved.
The person who's affected is theone who files the suit.
And they come in and will say,hey, you know what, you did
something bad to me.
And this is where the governmentplays the administrative or
arbitrary or arbitrator role.

(10:57):
Now, there's also administrativelaw.
This is empowered by theexecutive branch and the
governments and the agencies.
Now, this is where you havewide-ranging ability to enact
laws, but they're basicregulatory requirements to
enforce such things asimmigration, which has been a
huge hot topic as of late.
But whether you like it or not,they do have the right to be
able to enforce that.
Uh and how they go about it,that is a whole different

(11:19):
animal.
But at the end of the day,that's what they do.
So you need to understand thebasic knowledge through these
various legal aspects.
And to know one thing I wantedto mention is that in the fact
that you have a criminal case,so say you go and you rob
somebody, and they end upfinding you not guilty of
robbery, but the family knowsthat you did it, they just

(11:40):
didn't have it with beyond areasonable doubt that you
actually committed the crime,they can file a civil lawsuit
against you and then garnishwages, do all of those pieces
that could impact your life.
So they criminal and civil canwork uh hand in hand together.
Administrative laws can alsowork with criminal law because
if they find something thatyou're guilty of, such as like

(12:02):
an a let's say, for example, theEPA sees that you're dumping
toxins into a river.
Okay, well, that's anadministrative law set up by the
EPA.
You can't do that.
But if it's criminal and it'snegligent and you're doing it on
purpose, then they could findyou with in relation to a
criminal lawsuit.
And then therefore, admin orcivil lawsuits could follow as
well.
So they're all tied together.

(12:24):
The big thing is that you needto really truly have legal
counsel to help you if you'redealing with some of these
aspects.
You are not a lawyer, and youprobably play one on TV, but
because you do that, that doesnot mean you understand law.
Always, again, I'm telling youthis as a person that has dealt
with it, yeah.
Never ever go anywhere withoutyour lawyer.
You gotta have one.
And the the reason is lawyersaren't superhuman, they're just

(12:47):
they understand the law and howit works and they know the
intricacies much better than youdo.
And so, therefore, that is whythey command the high dollars
that they get.
Now, cybercrimes and databreaches.
Well, let's kind of get intothat just a tad.
So, computer crime, this isexpanding into many areas and
facets of life.
It is a necessity.

(13:07):
It is not something in the pastwhere it's like, well, this is a
great ulterior, alternative.
I can't even think a big$10word.
It's a great thinking term,right?
It's something out there that,yeah, you may think about this
stuff all the time, and it maybe in academia, but it doesn't
affect us real people.
That's a bunch of bully, right?
Yeah, now we know that itaffects everybody.
And these old laws that are outthere right now are being

(13:29):
updated as we speak.
Now, this doesn't always pertainto the current world.
These laws don't.
These laws are a bit outdated.
So therefore, as they're beingupdated over time, it's
imperative that you stay abreastof any of the changes that may
be occurring.
There's the Computer Fraud andAbuse Act, CFAA.
This is the first major piece ofcybercrime legislation that came

(13:50):
out related to cyber andcomputer.
And it's originally part of theComprehensive Crime Control Act
or CCA, CCCA.
And it's designed, it's designedto not infringe on state rights.
Now, if you're not familiar withthe United States, we were
designed, we came up as uh 13independent states, a little bit
of history.
And in that 13 independentstates, they were very against a

(14:13):
centralized government, and theywanted all independent rights
for each of the states.
And so, therefore, because ofthat, they have they really kind
of hold to that.
Now, the world has changed, andit the central government has
taken a much larger role.
Some would say not for a goodthing, but it's taken a much
larger role in the UnitedStates.
And so, therefore, the statesare not nearly like they were

(14:34):
back in the early 1700s.
That being said, states do wantto clamor to have state rights.
And so when this came out, itwas focused on how do I do this
with not infringing on staterights.
States have the right to governthemselves.
Now there's a Computer Fraud andAbuse Act.
Okay, there's some key examplesaround that.

(14:54):
This includes class access toclassified or financial
information.
You has the ability to modifymedical records, traffic in
computer passwords, if you causemalicious damage to a federal
computer system.
All of those things are someexamples that you can get tagged
for with this Computer Fraud andAbuse Act.
Now, there's been some variousamendments to it.
These are outlawed the creationof malicious code, uh, any

(15:16):
computer affecting interstatecommerce, and then allows
victims to pursue civil actionagainst you.
Haha, see, there's that civilaction aspect.
Now, as you know, one of the bigthings in the United States that
people may not understand isinterstate commerce.
You can kill somebody, andthat's terrible, and that you
should go to jail for a longtime.
And hopefully, if in my beliefis that if you did it with

(15:37):
malice and you were somebodythat was actually targeting that
individual, you should behanging by the nearest tree.
But that being said, that is upto the courts to decide.
However, if you affectinterstate commerce with people,
uh that's like killing somebodythat as nasty as that is, that's
very localized in one spot.
If you affect interstatecommerce, that's affecting a lot
more people.

(15:58):
And therefore, the guess what'sa real quick way for the feds to
come after you with everythingthey have is when you're uh
affecting interstate commerce.
Because what?
It deals with the money.
Yep, follow the money, baby.
If you do that, if you affectmoney, people will listen and
people will focus on you.
The National Information UhInfrastructure Protection Act,

(16:19):
the NIIPA.
This is an amendment to theCFAA.
Again, this is acronym Soup.
I am so sorry, but I'm not sorrybecause that's just the way it
is.
So you're gonna have to knowthis for the CISSP, you're gonna
need to understand what each ofthese, not each of these, you
will you I they will ask you aquestion on this, I guarantee
you, because they always do,because they know people just
get their mind upside down andall of it.

(16:40):
But the point of it is try tounderstand the concepts, right?
What do each of these do?
And they're not gonna, Ishouldn't say that, they highly
unlikely they're gonna throw onethat, well, it's actually not
the CFAA, it's the CFAZ.
They're not gonna do somethinglike that, something trivial.
But they will want you tounderstand what do each of these
do, what what's the importancearound them?

(17:01):
So the amendment to the CFAA isbroadens the international
commerce aspects.
Again, there's the money, itaffects national infrastructure
and then threats tointernational or accidental or
intentional or accidental damageto critical infrastructure and
makes it a felony.
So, bottom line is if you attackthe United States and you're
using against infrastructure,this is where you can get your

(17:21):
first felony.
One of many, right?
So this is not like a collectionor getting out baseball cards,
but you can get many feloniesfor doing some of these cyber
things because they don't justaffect one thing, they affect
lots of others.
The Federal InformationManagement Act, FISMA.
You hear a lot about that one.
That one's one that you seequite frequently, and this
requires government agencies tohave a security program.

(17:44):
So you might be have been hiredbecause of this requirement
around having a securityprogram.
And NIST is to help provide someguidelines around that.
This includes some key points,such as periodic risk
assessments, policies andprocedures, uh, subordinate
plans for providing, andsecurity awareness training.
All of these things, again, youtry to put this in a situation
where if you just focus on thecybersecurity framework, you

(18:08):
would probably get about 99% ofwhat you need.
But this FISMA, FISMA isrequiring security awareness or
security program for yourcompany, and they require many
of these things.
Now we'll get into NYDFS andthey require a CISO, but they
also will require many of thesethings as well.
So they all kind of build oneach other.
The ultimate point is they'retrying to put enough levers in

(18:29):
place that you actually put asecurity program in your
company, and hence that is whythey do these things.
The federal cybersecurity lawsof 2014, this modernized the
federal government cybersecuritypiece.
It's also confused with the 2002FISMA.
So it relies on the centralizedfederal security with Department
of Homeland Security, and thereare some exceptions to this.

(18:49):
So defense related tocybersecurity, this is the
Secretary of Defense or now theSecretary of War.
And then theintelligence-related
cybersecurity is the DNI or thedirector of national
intelligence.
So if it's dealing with theSecretary of War or any sort of
that's tied to national defense,uh, then it would not fall under
the sub federal cybersecuritylaw of 2014.

(19:09):
But everything else does, right?
So it's all under DHS.
You'll see a lot of the hackingthings that do occur are tied to
DHS and their activities inprotecting the United States
homeland.
Now, if you're listening to thisand you're outside of the United
States, uh, your countryprobably has something very
similar to this.
I mean, I've just seen the stufffrom the Aussies, the Brits, the
French, they all have somethingand very common.

(19:31):
Uh they they all are, and we'vemade this comment before, they
copy from each other.
They take one from one and theyput it in the other.
But realistically, they shouldhave something very similar to
it.
Now, the test will be focused onUS based stuff, most likely.
Uh, there are some differenttypes of aspects around the UK
that are brought up into this,but the ultimate goal is you
need to understand how this isfor the United States, but then

(19:53):
take it to the country you'refrom and then just rinse and
repeat.
That's about like one percent ofthe stuff that you're gonna go
through.
Focused on the United States ifthat the rest of it is all
agnostic.
It doesn't really matter.
So the NIST standards that arepublished for this, you got 853,
171, and the NIST CybersecurityFramework are all tied to help
protect these the federals orhelp be part of the federal

(20:16):
cybersecurity law of 2014.
Now we're going to get intolicensing and intellectual
property requirements.
This is a big factor.
And depending, I kind of have aspecial place in my heart about
IP protection.
I did that for many years, andso I kind of have a little bit
extra oomph behind that.
So licensing and intellectualproperty, this is where the
secret sauce that makes yourbusiness work.

(20:37):
Now this can be very simple.
I'll give you an example.
I am actually creating a coffeebar for my coffee truck.
And if you're you're probablygoing, what does this have to do
with cybersecurity?
Ah, here's the piece.
So as I'm doing this coffee bar,I'm actually making it.
I designed it, I'm actuallygoing to build it, and it's a
prototype of what needs tooccur.
It's my intellectual property onhow to build a coffee bar.

(20:59):
Now, did I take ideas from otherpeople?
Yes.
I took some concepts from otherpeople and looked at those and
then figured out how that wouldwork for my world.
So I'm going to create thiscoffee bar.
Now, if could I patent it?
Yes.
Could I make billions off of it?
Heck no.
But is it my IP?
It is.
It's my intellectual property.
Now, because I am at thefranchise, I have to share any

(21:20):
of the proceeds with them up tothey get 90%, I get 10%, right?
So there's a percentagebreakout, which is totally fine.
Didn't matter about that.
The point though is thatintellectual property created is
part of what I do.
So therefore it is what Icreate.
That's why it's important foryou understanding that IP can be
as simple as a concept around acoffee bar, or it could be as

(21:42):
complex as the rocket landingsystem on the Raptor rockets for
Musk's SpaceX, right?
So it could be any of thatstuff, right?
It doesn't really matter.
It just could be also even codesor formulas that you use that
makes your business supersuccessful in what you do.
Now these are collective assetswith various rights based on
their owners, their copyrights,trademarks, patents, and trade

(22:04):
secrets.
These are all different piecesthat are tied to intellectual
property.
They will vary from country tocountry on the level of
protection and how long they'rekept for.
So as an example, when I wasworking in the IP space, the
United States had IP protectionsfor about 20 years.
But these same protections, ifyou had IP that was based in
another country, are not nearlyas long.

(22:25):
It just depends on the countryand what you're actually trying
to protect.
So I had IP lawyers that wouldwalk me through what each of
these were.
Because some of the code that wewould use would be intellectual
property.
And we had to figure out how todeal with that.
Musk has to deal with it withall of his automated driving
cars.
He has all a fleet of IP lawyersthat he is working with.

(22:47):
So the Copyright DigitalMillennium Copyright Act.
Oh, that's a lot of stuff,right?
DMCA.
So this is basically originalworks of authorship.
You made it and protects it fromduplication.
This was a factor that happenedback probably in the early 2000s
where DCMA really came into itsbeing.
But it's a large grouping ofworks that fall into buckets.
You got literary, musical, soundrecordings, etc.

(23:10):
Now, AI is going to turn thisthing on its head because of the
fact that you now haverecordings of, as an example, of
podcasts that I could actuallydo AI recordings of this, which
this is not, but you could do AIrecordings of this content and
it would sound darn near justlike me.
And this is a large group ofthis, because this all falls
within intellectual property.

(23:31):
So this is a formal process toobtain copyrights.
You have there to go throughthis with the U.S.
government.
And basically, and all thisreally does say is that yes, you
submitted it to the government,and it starts a paperwork trail.
Just because you submit yourcopyright to the U.S.
government does not mean youhave it protected, but it the
paperwork trail has begun.
You will have to get yourself,like I said, an IP lawyer or a

(23:54):
person, a lawyer thatspecializes in some sort of
copyright protection if you wantto really truly put some level
of protections around what youdo in your work.
Now, this provides protection upto 70 years after the death of
the last author.
And then it basically brings,it's designed in 1998 and it
brings into everything into thedigital world, right?
So protection from digitalreproductions from CDs and DVDs,

(24:18):
you're probably saying, What isthat?
But if you those those don'texist much anymore, but I'm sure
they're out there somewhere.
So yeah, I remember when the VHStape was like, oh my goodness,
this is awesome.
And now you have CDs, DVDs, andyou're like, oh, those are
great.
And then those are gone backfrom the 90s.
They're gone.
Uh it limits liability to ISPswhere data is downloaded, and

(24:39):
then there's various exceptionsto law for a service provider.
Uh, a good example of that is myson Wilver Christmas, a few many
years back.
He he decided to try to live onthe dark side a little bit.
And next thing you go, hey dad,did you know that this movie is
out already?
I'm like, no, it's not.
He goes, Yeah.
And he starts downloading it,and I'm like, wait, what is
that?
It hadn't even finished intheaters yet.
I go, stop, stop, you can't dothat.

(25:00):
And I mean it not more withinabout like two minutes.
I got an email from my providersaying, you are downloading
illegal content.
I'm like, stop.
So he deleted it and we got ridof it all and it stopped right
there.
But the point was, I was like,yeah, they know what you're
doing.
So don't do it.
And yeah, you can get around itwith Tor and other areas, I
know, but when it's all said anddone, let do use your powers for

(25:21):
good, not evil.
So there's also trademarks.
This is another piece of this.
This is where you protectcreative work, such as logos,
slogans, and everything else.
And it's very strong, powerfulproducts that can be added.
Now, the logos, we'll use anexample.
McDonald's.
Yep, you see the big M, you knowwho's that is.
Starbucks, from a coffeestandpoint, you know who that
is.
Traveling Tom's Coffee, you willknow who that is in the future.

(25:44):
So I hope so, at least.
That's that's the goal.
It's designed to avoid confusionin the market while protecting
intellectual property.
You can add a TM that's TangoMike when using it in daily
activities, such as makingcybersecurity the simplest TM,
right?
You can do that.
Uh once it's registered at uhthe within and it has a little R

(26:04):
with a circle around it, thenit's registered trademark.
Uh, you can file a trademarkwith U.S.
Patent Office or the TrademarkOffice.
Uh, it's intent to use and it'snot necessarily using it right
now.
So if you intend to use it, uhso like making cybersecurity
simple for businesses.
I won't I haven't done that yet,but I'm gonna do it.
Well, even if you're not usingit, you still can go ahead and
submit it to the U.S.

(26:25):
Patent and Trademark Office.
It must not be confusing toanother trademark.
So you gotta make sure that youdo the due diligence to go, it
must be for the simplest forsmall and medium businesses.
Um, you know, cybersecuritymaking cybersecurity simplest
for small and medium businesses.
Okay, making cybersecuritysimplest for businesses.
Well, that that's prettysimilar, right?
That would not fly.

(26:45):
So you have to come up withsomething that's a little bit
different than that.
Use ChatGPT or any sort of AIproduct to help you with
deciding what that might be.
Patents, these provide 20 yearsof exclusive rights.
After 20 years, uh it'savailable to anyone, uh, new and
original.
That's basically the ultimategoal, is that it gives you some
level of protection to ensurethat you have market penetration

(27:07):
before the uh the rest of thepeople can use this product.
Now, after 20 years, if youdon't have market penetration,
you've done something wrong.
Now it's it's obvious, right?
So you want to like tire chainsfor snow, this is obvious, but
tire chains printed by a 3Dprinter, not so obvious.
So that patent would be aninteresting thing.
So that's why they're talkingabout making it the obvious

(27:28):
rule.
So you have to call out ifyou're going to be doing it for
something specifically.
Uh, patent trolls, these arefolks that engage in legal
action around patents attemptingto gain cash.
I have dealt with these peopledirectly.
They are right up there with theambulance chasers that are
trying to get cash from peoplegetting in accidents.
And again, I go back to this.
There's there's real goodreasons, I'm sure, that a patent

(27:51):
troll should do what they do.
And there's real good reasonsthat an ambulance chaser should
do what they do.
There are people that are hurt,they need to be protected.
However, there's the pendulumgoes from one extreme to the
other, and at times it's on theother extreme, and they're just
trying to sue to get money forpatents, uh, just so that they
can, that's how they make theirliving, is filing lawsuits.
So it's a very interestingworld.

(28:13):
Trade secrets, these arecritical to business operations,
uh, such as, for example, thestraw making business.
If you have a new way to make astraw with the swirly little red
ridges and they're all builtinto your straw, that would be a
trade secret.
Everybody knows how to make astraw.
Straws are very simple, but ifyou make it in a different way,
in a Gucci way, then it could bea trade secret.

(28:35):
An example of this is my unclehas created the product called
Flavor Burst.
Now remember we were kids and hewould show us some prototypes,
and it puts a candy swirl in theice cream, which is like my
favorite, right?
So he did that, and in theprocess of doing that, he had to
file a file what he needed to doaround trade secrets on how he
officially did that.

(28:56):
So this is an official processto file a trade secret.
You don't file with anyone, butyou must put preventative
controls to protect it, and youmust have all the documentation
on what you did to provide thistrade secret.
Now, if for someone comes outand copies it, you then prove
with date stamps of going, no,no, no, I did this.
Again, you got to hire a bunchof lawyers, and then you can
turn around and sue them onthat.

(29:17):
Now you can implementnon-disclosure agreements with
your people to protect the data.
So if you have higher employeesand they are working in this
stuff, you may want to have anNDA in place.
There's large software companiesthat focus on trade secrets
specifically, and copyright onlyprotects the data of the
software, whereas the overallconcept can be like I made a
pencil machine, uh, engineeredone out, and I didn't do as a

(29:39):
trade secret, I actually gave itto somebody just because, hey, I
thought this was pretty cool.
Um, but realistically, I wish Iwould have kept it.
It was a really cool pencilmachine I made for schools, and
it was my design.
I had a prototype built.
That would have been, it was myunique way it did that, and that
would have been a trade secret.
Licensing.
This is reselling yourtechnology or your idea.

(30:00):
So, common types of this wouldbe a contract agreement, such as
with a software vendor orcustomer.
You have pre-packagedagreements, which is where you
acknowledge and accept bybuying.
So, what those means is that yougo and you bought the thing, you
click the yes, I accept whatyour terms are, I buy it.
So those are pre-packagedagreements that are done.
Your click-through agreements,this is ones where you accept

(30:21):
the terms at your um on yourwebsite.
You go to your website andyou're saying by accepting these
terms, you know that I can haveyour firstborn child with and
all subsequent childrenafterwards.
Oh, yeah, sure.
Click, click, click, click.
Um, that that is yourclick-through agreements.
And then you have cloud serviceagreements, which is very
similar to your click-through.
Uh, this may bind anorganization to more than you
anticipated.
And I will say this it'simportant that you do have legal

(30:44):
counsel help you with any ofyour cloud service agreements.
And the reason is because youcould end up in a situation,
especially with SaaS products.
When you're dealing with Azureand uh Amazon, those products
are pretty, they know they'redisposable.
They you spin them up, you spinthem down.
That's a given.
The ones that have teeth thatcan end up causing you more
trouble than they're potentiallyworth is dealing with a software

(31:08):
as a service kind ofexpectation.
A third party that has that.
Uh, Google's another goodexample.
If you sign up with Google andyou do uh data storage, there
can be some potential issueswith that as well.
So they just need to reallytruly understand.
I know a situation that I don'tknow if it's this way now, but
it used to be where if anythingyou uploaded to Google, uh, they

(31:30):
had terms in their contractstating that you they own it.
They own whatever you upload toGoogle, they own it.
And I'm I'm sure they have takensome of that language out, but
it's realistically, if at somepoint in time, that's was in
their language.
So anything you uploaded, yourpictures of Aunt Gina, they
would own pictures of Aunt Gina.
And why they would want that,it's hard to say, but they

(31:52):
wanted to own it.
All right, import exportcontrols.
Export controls, these are highcomputing devices and products.
This is such as computerhardware, encryption.
We're seeing this play out todayin the chips with the Chinese,
uh, NVIDIA, all of these aspectsare tied into export controls.
The Department of Commerce andBureau of Industry and Security
will limit where you can sendthings, such as Cuba, Iran,

(32:13):
North Korea, Sudan, Syria.
Those are places that you cannotsend things.
And they will really get introuble if you send things to,
let's say, France, and then theyin turn France sends it to Iran.
Those that can get bad, and youcan get sanctioned by the U.S.
uh Department of Commerce.
And then you are potentially, ifyou're in an international
business, you could be shutdown.
So you've got to be played verycareful role with it.

(32:34):
I've seen this and I lived it.
I've lived it through asituation where buying something
in one country, how does itimpact it affecting some of
these countries that have beenuh no no work with kind of
countries?
And it can be reallychallenging.
Just you so I mean it.
As a security professional, youare experienced so many things,
uh, depending upon what the sizeof your organization is.

(32:57):
Encryption, this is previouslyit was very hard to export at
any level of encryption, andthis includes what was in the
actual hardware itself.
Uh, I had to work with this in aspecific situation with some
products in China.
I had to go through uh a verylengthy thing with the State
Department to ensure that allthis information that was being
sent was not going to be used bythe Chinese in any form or

(33:19):
fashion.
Uh again, this has beenrepealed, uh reviewed by a
commerce department, and has a30-day review process.
You can you can deal with thiswhole process.
It's changed a lot, though.
I would say some of the, when Ifirst started, the encryption
capabilities that could be sentto foreign countries was very
limited.
Uh now it's not so much.
And I think a lot of it reallystems of the fact that they're

(33:39):
trying they understand quantumand where quantum is going.
They're not so concerned aboutcrypto that uh it won't be, they
figure it's gonna be broken atsome point.
So they're not quite asdraconian on it.
The technology changes, again,interesting to see how new
technologies will be addressed.
And then we talked about quantumcomputing is a big factor.
But it will be very interestingto see how this plays out in the

(34:00):
future.
Transborder data flows.
Okay, this is uh defined as anelectronic movement of data
between countries.
If you have not dealt with this,if you're an international
company or not an internationalcompany, this probably is like,
oh, yawn, don't worry about it.
But uh, at some point in time,I'm pretty sure most country
companies have dealt with somesort of international uh
capability.

(34:20):
And you're dealing with any sortof electronic data flow between
countries.
So data leaving from France tothe United States, how is it
handled?
Data leaving from Iran to theUnited States, how is that
handled?
Very different, but at the sametime, that fo same concept
focuses on both.
Now, there's a growinginternational awareness of data
between countries, and we'vebecome much more seamless as it

(34:40):
relates to transformtransporting data.
Uh it it kind of just goes,people think, oh yeah, it's no
big deal.
But there are laws around thisand you need to be cognizant of
them.
Even if you don't really want tosay, okay, I'm not really
worried about that, that istotally fine.
That's totally on you.
But you need to make sure yourlegal teams understand this.
Because here's the part thatthey don't get.

(35:02):
It depends.
Big companies get it, smallcompanies don't because they
don't really deal with it.
But you need to talk to yourlawyers and make sure they
understand that if you'retransferring data between one
country to our country or viceversa, what are the rules around
it?
And if they don't know, tellthem to get smart on it because
it is an important factor.
Not to say that they're notgoing to find you and they

(35:23):
probably will never ever dealwith you on this, but if
something bad does happen,that's one of the aspects
they're going to ask is, okay,how are you protecting this
data?
Tell me a little bit more aboutthis data.
And quickly, this will unraveland turn into an absolute
nightmare for you, and you'll begoing, what the heck just
happened?
So again, you need to understandit.

(35:44):
I can't express this enough.
It will bite you.
Uh, there's various regulatoryrequirements requiring
knowledge, such as Chinese cyberlaw, EU directives, and thus
therefore.
I dealt with both of those,Chinese and the European Union
on this.
Uh and there's bureaucrats thatare sitting in various places in
both countries going, you didnot do this correctly.
I think I'm a little bitpassionate about it because

(36:04):
yeah, it caused me to lose abouta month of my life.
Uh, it affects various types ofdata.
This includes personal data,business data, and governmental
data.
You need to know where your dataresides.
You need to know where it'stransporting.
You gotta know it.
It's really important that youunderstand where your data is
at.
It's not just air quotes in thecloud.
Hey, where's your data?
It's in a cloud.
What cloud?

(36:25):
I don't know, but it's in acloud.
Where's your cloud at?
I don't know, but it's just in acloud.
So it's like it's like air,right?
It just floats.
Yeah, you need to know more thanthat.
Uh, United States privacy, thisis the Fourth Amendment of the
U.S.
Constitution.
It's again, this is where you'redealing with privacy in the
aspects of unreasonable searchand seizure, and they must have
a probable cause.
Protections have increased toother to other invasions of

(36:47):
privacy as well.
Now, if you're not in the UnitedStates, you'll be going, well, I
don't have any privacy in mycountry.
That's very could be very true.
Um, but this is how it's takenin the United States.
I would say unreasonable searchand seizure, define
unreasonable, right?
That's where the lawyers and thejudges come in, because what's
reasonable to you andunreasonable to you are two

(37:08):
different things to what is tothe government.
The privacy bandwagon, there'sother countries that are
requesting privacy protectionsfor their citizens and countries
not known to be proponents ofprivacy, such as China, Vietnam,
et cetera.
Uh, they're looking for airquotes privacy.
But realistically, they're shthey're putting a veil of
privacy uh to use it in a way toto um how do you say it, to

(37:29):
protect their citizens?
Yeah, that's it.
It's protecting them.
Uh there's the way we understandprivacy in the United States and
these other countries perunderstand privacy are very
different.
Now I say that it's becomingvery Orwellian in the fact that
uh when I was in China, you havecameras everywhere and they
watch everything you do.
I mean, you can't even fartwithout them knowing about it.

(37:50):
But when the United States isthe same concept, so I'm seeing
cameras everywhere as well.
So we're becoming much more likethe Chinese in that government
big brother government lookingat you kind of thing.
The difference is the UnitedStates, we typically don't put
up with it.
Um I say that.
And whereas in those countriesthey they've just been cowed
into, they will follow that.

(38:12):
Uh and they have a big strongarm against them if they don't.
So again, it's very differentcultures, very different world.
You need to understand theculture that you're working
with.
If you have business in Vietnam,understand some of the
challenges that they're they'reworking through because that
will make you a much bettercybersecurity professional and
it also makes you a good human.

(38:32):
Privacy regulations.
This is where Privacy Act 1974,this limits federal government
agencies.
There's the ElectronicCommunications Privacy Act of
1986, where you have illegalinterception of electronic
communications.
And then you have thecommunications assistance for
law enforcement, which was in1994, which allows wire carriers
to wiretap law enforcement forlaw enforcement, not wiretap
them, they get to wiretap you.

(38:54):
And then the Economic EspionageAct of 96, where data uh theft
is falls under their industrialor corporate espionage.
So privacy, you can see, is abig factor here in the United
States.
Lots of acts and laws that wereput in place to help mitigate
some of the privacy challengesthey were running into.
Or in the case of wiretap, thatthat's they want law enforcement

(39:14):
to be able to tap you if theywant to be able to do it.
And how are they protected indoing so?
Other parts of that are tied,have privacy regulations baked
into them in some ways, is theHealth Insurance Portability
Accountability Act.
Yeah, it's a mouthful of 96,otherwise known as HIPAA.
Yeah, that defines rights ofindividuals.
That thing has all kinds ofteeth in it, and it's just it's

(39:35):
nasty.
Uh, you have high tech, whichI'm not going to go through that
again because that's againanother alphabet suit, but it's
basically health informationtechnology for economic and
clinical health.
2009.
Uh, data breach notificationrequirements are put in there
for any sort of issue that youmay have.
You have COPA, which you shouldbe very aware of, and this is
the Children's Online PrivacyProtection Act of 98.

(39:57):
That one will bite you hard, andyou better make Sure, you are
protecting it.
And this is again designed toprotect information on sites
catering to children.
Now, if the site doesn'tnecessarily cater to children,
uh, like I'll say CISP cybertraining, do children go to my
site?
Yeah, I'm sure they do.
Um, is it good for them?
I highly recommend it, it'llhelp make them smarter.
Uh, but is it catering to thechildren?

(40:18):
No, it's not.
So, therefore, I don't fallunder COPA because of the fact
that I'm not catering to myfive-year-old granddaughter.
Uh, but if I had Blue E on mysite and I was trying to get
kids to bring their parents tomy site with using Blue E as an
example, then I would becatering to children.
So, therefore, I would fallunder COPA.
Uh, and COPA is very um, it'sgood.

(40:40):
I mean, it's good for the kids,it's good to protect them, but
you better have a good plan whenyou're dealing with sites that
are tied catering specificallyto children.
The Graham Leach Bliley Act of1999.
This you'll see, especially inthe financial industry, I deal
with this a lot.
And this provides writtenprivacy policies to customers.
Uh, they have to have that.
And there's many, many others,but these are some of the big
ones that you might deal with asit relates to the CISSP.

(41:03):
European Union Privacy Law.
This was enabled in 95.
It's very strict requirementsaround processing personal data,
and it was a lead-on to GDPR.
Uh, and it just comes down to ishow do you manage people's data?
Do you have the right to beanonymous?
Do you have the right to beforgotten?
All of those pieces will fallinto, which is it falls into
GDPR, but all of those stemmedfrom the European Union Privacy

(41:25):
Law of 1995.
Uh, and again, you must provideconsent to use any of their
data.
The EU general data privacyregulation, this was enacted in
2018.
This applies to organizations orcompanies not in the EU.
So these are the people that arecollecting data on EU citizens
but are not EU people or not EUorganizations.
If you have a data breach within24 hours, you must let them

(41:50):
know.
If it deals with the privacy ofEU citizens, uh, this is
serious.
They will fine you and it willbe bad.
So you need to let them know.
Now, you need to define as anorganization what is a data
breach, air quotes.
Um, you may have lots ofincidents and may have lots of
events, but you don't havenecessarily a data breach.
Once you label the data breachconcept, boom, baby, your clock

(42:12):
is ticking, so you better getgoing.
Uh access to their own data, youhave the ability to be
forgotten, data removed, all ofthose pieces, right?
I want to be forgotten and notmy data is not used by you.
That is all part of this generaldata privacy regulation of 2018.
Data protection personnel withineach of you of the member
states.
So again, it's it's synonymous,kind of like our states.

(42:34):
You have in the United States,you have data protection if you
go from California to Maryland.
Now each state has its ownprivacy laws that are in place.
Some may be a little moreloosey-goosey, some may be more
draconian.
If you go to Maryland and you goto California, those are
typically a little moredraconian.
You come to Kansas, they'reprobably a little more

(42:54):
loosey-goosey.
So it just depends.
However, you if data goes fromKansas to Maryland, I fall under
the Maryland privacy laws.
So it's best just to focus ondoing the most draconian and
make sure you meet those.
Data protection personnel withineach of the members, you talked
about that, and then there'slots of other details that are
tied to it.
But at the end of all of that,you need to access access to

(43:17):
their own data, ability to beforgotten, data can be removed
upon their request.
That is key when you're dealingwith the data privacy regulation
of 2018.
The China personal informationprotection law, Pipel, yeah,
dealed with this one a lot.
Uh, this protects the rights ofinterests of individuals.
Wink, wink, uh, yeah, that's theindividuals, all right.

(43:38):
Uh regulate the personalinformation processing
activities and resembles veryclosely the GDPR.
Now, it's anonymized informationis not for personal information.
So if you have it out there, youanonymize it and it's not
available for personal gain.
Uh, it's any this is dealingwith processing of data outside
of China.
So any Chinese citizens thatyou're using outside of China

(43:59):
and you're processing the data,you have to follow the PIPL law.
And you must have a dedicatedoffice or representative in
country to process data.
Very similar to GDPR.
They have data processors, um,but it's very similar to that.
Now, I say that the the thing iswhen it comes to, I try to use
the concept of the EU is aboutprotecting the citizen.
They are, they're theirs aredesigned to protect the citizen.

(44:22):
China is designed to protect thestate, not the citizen.
It may come across as they'retrying to protect the citizen,
but they're not.
It's the state.
And the United States is in themiddle, right?
We are we're not all aboutprotecting this the person, but
we're also all not aboutprotecting the state.
And because all the differentstates in the United States have
different rules, it gets alittle bit more convoluted and

(44:45):
confusing.
But they're dealing with thepeople law, you do not want to
mess that up.
You want to make sure that youare handling it in the most
correct manner, especially abusiness in China, because they
can come in and the Chinesegovernment, and it's say, for
example, and we had like a$1.5billion facility that made that
per year, and it's making gobsof money, right?
Well, if you'd screw this up,they can come in and go, uh, you

(45:07):
can shut that down now.
Thank you very much.
And then you shut it down andnow you just lost$1.5 billion a
year.
Yeah, that will hurt thepocketbooks.
You aren't getting a bonus thisyear, whether you like it or
not.
Uh so yes, that's an importantpart.
Pipple law is something you wantto make sure that you are
following.
On the vein of privacy, we havestate privacy laws.
You need to be aware of all thelaws passed by the states, the

(45:29):
provinces, and otherjurisdictions.
Uh the CCPA, this is theCalifornia Consumer Privacy Act.
Uh, you need to be aware of thatas well.
This was passed in 2018,modeling after EU GDPR.
The provisions went into effectin 2020, and some key points you
need to know is really what isthe information business that
business is collecting, that youhave the right to be forgotten,

(45:49):
you have the ability right to beopt out of a sale of personal
information, or the right toexercise privacy without
persecution.
And all this falls under CCPA.
So it looks very close to GDPR,but it's just for California.
I mean, like California'seconomy is like in the top five
of the globe, somewhere rightaround there.
Uh so you know, they had thisaspect that they wanted to be

(46:10):
able to do.
Now, if you notice that if youwork with any businesses in
California, they will have thischeckbox.
You can be forgotten.
You can uncheck that and say,no, I don't want you to collect
my information.
Actually, on CISSP, you can optout of marketing emails if you
sign up.
All of that stuff is designed tohelp protect you as a consumer.
Uh, but it's also when you dothat, you limit what you can

(46:30):
actually get and what kind ofinformation you may be able to
get.
So you got to weigh thatdetermining what is most
important and what is mostvaluable to you.
So you're dealing with databreaches.
So there's various data breachnotification requirements out
there, and these areincorporated into various
privacy laws.
We talked about high-tech,right?
You have a federal law that youhave to deal with of
individuals.
You have GDPR.

(46:51):
Uh so high-tech, I think it's 72hours.
GDPR is 72 hours.
Um, they're they all havedifferent ranges, and they're
anywhere from 24 to 72 hours ofa data breach.
You must let them know.
Now, it's it became at first, itwas like, oh my gosh, this is
crazy.
This is foolishness.
And it is, in some respects,because you, as we all know, you
you're not gonna know anythingin 24 hours, you're not gonna

(47:13):
know anything in 72 hours.
So you have to be very clear onwhat is a data breach.
You have to be very clear andyou need to find what you
consider a data breach.
Now, it's up to you to considerwhat that is.
They have guidance out there onwhat a data breach is, and if
you say, um, I'm only gonna calla data breach, that if the IP

(47:34):
address along with the person'sinformation, plus their date of
birth, plus their child's name,plus uh their dog's name is
leaked, then I will call it adata breach.
If if those things are not met,I will not call it a data
breach.
Okay, if you go with thatthought process, which you
could, I wouldn't recommend it,but you could, um, then people
will come back and look at youand say, no, that's a foul.

(47:55):
And they will, you'll have allkinds of legal issues.
On the flip side, if you say,hey, if I have a log come in
that says this computer isacting just funny, I'm gonna
call it a data breach.
That is really bad.
That's the wrong side of thependulum as well.
So you're gonna have to figureout what's in between the
pendulum.
What is in there that youconsider going, you know what, I
feel pretty confident that thissomething bad has just happened.

(48:17):
Let's go ahead and alert the letthe hounds know, release the
hounds.
Um, you have the ability to dothat.
So, but you need to define thatwith working with your COO, your
CIO, and your CEO.
That's a lot of C's.
But yes, you need to work withall of those folks to define
what is a data breach.
And and your lawyers too, makesure your lawyers are in there.

(48:38):
Uh, because then it will comeup.
And if you don't figure that outnow, when it does come up,
you'll be lots of peoplepointing fingers and head
scratching going on.
So very important for you tofigure that out.
I spent a little bit of time onthat because I wanted you to be
aware this isn't something youcan take lightly, but you cannot
pass it off and just think, oh,I will worry about that later.
No, it's a thing you need toworry about today.

(48:59):
Uh the California SB 1386, thisis the first U.S.
state to require data breachnotification.
Uh again, this deals with anypersonally identifiable
information, which is an oldterm that's not really used, but
if it's if it identifies back toyou.
Social Security number, driver'slicense, all those kinds of
things, and they vary from stateto state.
Again, most require a documentedprocess process to address any

(49:22):
sort of breach.
Okay, that's all I have for youtoday.
That was a lot.
There's a ton of stuff there.
Go to CISSP Cyber Training andgo check it out.
All of this is available to youat CISSP Cyber Training.
The videos are there, the allthe content is there.
These are broken into actual,I've got training that's broken
into actual segments.
I've got a blueprint, you'regonna have questions.

(49:43):
All of that is available to youat CISSP Cyber Training in part
of my paid products.
My free products, I've got a lotof content to include this, was
is available to you uh on myblog, will be available probably
in the next couple weeks.
Uh, so all my free content willhelp you get going, get started
on the CISSP.
If you really want to finish upstrong and you want that
concierge type activity, go toCISSP Cyber Training and pay get

(50:06):
the paid products.
They will, you will not regretit.
If you're focused on trying tomake extra money and try to get
the CISSP done, I mean,seriously, let's look at it this
way.
You're gonna invest however muchin a test,$700 to$1,100 on a
test, and you're not gonnainvest a little bit of money in
trying to get the training thatyou need.
I'm sure you're cutting yournose off to spite your face.
Can you do it?
Sure.
Did I do it?

(50:26):
Sure.
But I also failed the firsttime.
And we don't want you to failthe first time.
We want you to pass the firsttime.
You can go on my, go on to theany podcast where you're
listening to this and see someof the testimonials.
The training is there.
It's for you.
It's good.
It will help you pass the exam.
It'll help you get this done.
And then the best part is it'llgive you some real world
experience to kind of start youoff right and get you going down
the right path.

(50:46):
All right.
Hope you guys enjoyed this.
Have a great day, and we willcatch you all on the flip side.
See ya.
Thanks so much for joining metoday on my podcast.
If you like what you heard,please leave a review on iTunes
because I would greatlyappreciate your feedback.
Also, check out my videos thatare on YouTube and just head to
my channel at CISSP SkyberTraining, and you will find a
letter for a contacted ofcontent to help you pass the

(51:10):
CISSP exam the first time.
Lastly, head to CISSP SniperTraining and sign up for 363
CISSP questions to help you inyour CISSP journey.
Thanks again for listening.

All Episodes

Episode Transcript

Popular Podcasts

Dateline NBC

Stuff You Should Know

The Breakfast Club

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Dateline NBC

Stuff You Should Know

The Breakfast Club

All Episodes

CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

Dateline NBC