
Memberships

CyberMAYnia Club

57 members • Free

CISSP Study Group

1.7k members • Free

13 contributions to CISSP Study Group
CISSP Practice Question – Security Operations / Legal Investigations (Ethics, Law, and Evidence)
A company’s internal investigation uncovers evidence suggesting that an employee may have stolen trade secrets and transmitted them to a competitor. The security team’s forensic analyst, who is not law enforcement, uses packet capture tools to monitor the suspect’s outbound traffic in real time to confirm the leak. The analyst captures the data and presents it to management, who plan to terminate the employee immediately. From a CISSP and legal standpoint, what is the MOST significant concern with how this evidence was obtained?
A. The analyst may have violated wiretapping and privacy laws by monitoring live network traffic without proper authorization.
B. The analyst exceeded professional scope by performing forensics on corporate assets without a court order.
C. The evidence is invalid because the analyst did not use a certified forensic tool for packet capture.
D. The company should have notified law enforcement before beginning the internal investigation.
0 likes • Nov 4
A
CISSP Practice Question – Security Architecture & Engineering (Information Flow Models)
A defense contractor is building a system that will store design data for classified weapons. Engineers must ensure that a user cleared for “Secret” cannot modify “Top Secret” design files, and that data from lower classifications can never compromise higher-level data integrity. Which information flow model BEST satisfies these requirements?
A. Bell–LaPadula Model
B. Biba Integrity Model
C. Clark–Wilson Model
D. Brewer–Nash (Chinese Wall) Model
0 likes • Nov 4
B
CISSP Practice Question – Legal & Regulatory Compliance (Data Privacy)
A U.S.–based company provides cloud storage services to European customers. Personal data from EU citizens is processed and stored on servers located in the United States. Under the EU General Data Protection Regulation (GDPR), what is the PRIMARY legal requirement before transferring this data outside the EU?
A. Encrypt the data before transmitting it to ensure confidentiality in transit.
B. Notify EU supervisory authorities within 72 hours of each cross-border data transfer.
C. Establish an approved transfer mechanism such as Standard Contractual Clauses or Binding Corporate Rules.
D. Obtain the explicit consent of every data subject prior to data transfer.
0 likes • Oct 16
C
CISSP Practice Question – Control Selection & Residual Risk
A recent assessment identified that a key web application handling payment data has several high-severity vulnerabilities. Management approved funding to implement a web application firewall (WAF) and continuous code scanning as compensating controls. After both controls are deployed and verified, the residual risk remains above the organization’s formally documented risk appetite. What should the information security manager recommend NEXT?
A. Accept the residual risk since reasonable controls have been implemented.
B. Transfer the residual risk through a cyber-insurance policy.
C. Escalate the residual risk to senior management for a risk acceptance decision.
D. Implement additional detective controls to reduce exposure further.
0 likes • Oct 13
C
Who's coming to hang with May Brooks again on Sat? 👀 (cryptography)
Find us here. May has prepared a 20 to 30 minute session on cryptography for us!
Poll
36 members have voted
1 like • Oct 10
I passed the CISSP exam
1 like • Oct 11
@Brandis Matthews Thank You
Reggie Johnson
@reginald-johnson-jr-6201
Beginner trying to enhance IT technical skills

Active 20d ago
Joined Apr 3, 2025