Just The Facts, Ma’am

Well, another chapter in the Shon Harris book is done: Legal, Regulations, Compliance and Investigation. I thought this would be easier, but some of the quiz questions tripped me up (I’ve got to remember to be careful to look for “not”s – i.e., which of these is not…). This is also tricky because many of the areas are more grey, especially when judging when another organization considers something ethical (such as the IAB, or even (ISC)² itself, which considers it unethical to talk about what was on the exam… unless, of course, you are teaching a CISSP exam course), or understanding the difference between enticement and entrapment. The next domain: Application Security.