Legal Issues in Information Security



This course provides a unique, in-depth look at the major US federal and state laws that regulate information security and data privacy practices. With content provided by an industry expert, this course provides a comprehensive explanation of the most pertinent regulatory laws and discusses key concepts common to information security, data privacy, and the US legal system. Using examples and exercises, this course incorporates hands-on activities to walk the learner through the entire process of creating an information security program.

In addition to premium instructional content from Jones & Bartlett Learning's comprehensive Information Systems Security and Assurance (ISSA) curriculum, this course provides access to hands-on Paper-based Labs, Case Scenarios and Handouts, and an eBook (via CourseSmart).


This course covers content within the following industry certification exam:

  • Certified Information Systems Security Professional (CISSP) - 'Legal, Regulations, Investigation & Compliance' domain covered


Information security analysts


General knowledge of networking and management information systems

Learning Objectives

  • Legal aspects of the information security triad: availability, integrity, and confidentiality
  • Concept of privacy and its legal protections
  • Basic components of the US legal system
  • Legal compliance laws addressing public and private institutions
  • Intellectual property laws
  • The role of contracts in online transactions and cyberspace
  • Cybercrime and tort law issues in cyberspace
  • Principles requiring governance of information within organizations
  • Risk analysis and incident response procedures
  • The importance of forensic examination in legal proceedings

1. Fundamental Concepts

  • Information Security Overview
  • Privacy Overview
  • The US Legal System

2. Laws Influencing Information Security

  • Security and Privacy of Consumer Financial Information
  • Security and Privacy of Information Belonging to Children and Educational Records
  • Security and Privacy of Health Information
  • Corporate Information Security and Privacy Regulation
  • Federal Government Information Security and Privacy Regulation
  • State Laws Protecting Citizen Information and Breach Notification Laws
  • Intellectual Property Law
  • The Role of Contracts
  • Criminal Law and Tort Law Issues in Cyberspace

3. Security and Privacy in Organizations

  • Information Security Governance
  • Risk Analysis, Incident Response, and Contingency Planning
  • Computer Forensics and Investigations