CISSP Domain 1: Laws, IP & GDPR (Compliance)

On the CISSP, compliance is risk management, so the key isn’t memorizing statutes; it’s knowing which law touches your data and which breach clock is running. This Domain 1 deep-dive walks through the three categories of law, the four intellectual-property protections, import and export controls, transborder data flow, and the major privacy regimes side by side.

With Beth, Erica, Michael, and Nova, we untangle the alphabet soup that trips up the most candidates: GDPR’s controller-versus-processor roles and 72-hour breach clock, California’s CCPA, HIPAA for health data, GLBA for finance, and the reason PCI DSS is a contract rather than a law. We also cover why you cannot simply email strong encryption across a border, and how data residency differs from data sovereignty.

In this video:

  • Criminal, civil, and administrative law, and the burden-of-proof trap that separates them
  • Patent, copyright, trademark, and trade secret matched to what each one actually protects
  • EAR, ITAR, the Wassenaar Arrangement, and the deemed-export rule that catches engineers
  • Transborder data flow, data residency, and data sovereignty in a cloud world
  • GDPR roles, the 72-hour notification clock, and fines up to 4% of global revenue
  • CCPA, HIPAA’s 60-day clock, GLBA, and why PCI DSS is contractual, not statutory

The next video in the series moves into security governance, frameworks, and the roles that turn these obligations into a working program. Anchored to the (ISC)2 CISSP Detailed Content Outline effective April 15, 2024.

Presented by Professor Erica — CISSP, CISM, PMP, M.S. Project Management, D.B.A. in progress.

▶ Watch next: CISSP Domain 1: Investigation Types & Security Docs https://www.youtube.com/watch?v=b-N2mnZT23M

📺 Full playlist: CISSP (2026) v2 https://www.youtube.com/playlist?list=PLlIAFxS2964_K3g6WysWnLpifoxilduGi


Key Topics

  • The Seventy-Two-Hour Clock That Wrecks Careers
  • Three Buckets of Law the Exam Loves
  • When Hacking Becomes a Federal Crime
  • Intellectual Property: Four Locks, Four Keys
  • Patents, Copyright, Trademark, Trade Secret
  • The Software License Nobody Reads
  • Why You Cannot Email Encryption Abroad
  • Your Data Just Crossed a Border