Skip to content

Page017

In order to begin to appreciate common legal concepts at work in today’s global economy, an understanding of the major legal systems is required. These legal systems provide the framework that determines how a country develops laws pertaining to information systems in the first place. The three major systems of law are civil, common, and religious law.

The most common of the major legal systems is that of civil law, which is employed by many countries throughout the world. The system of civil law leverages codified laws or statutes to determine what is considered within the bounds of law. Though a legislative branch typically wields the power to create laws, there will still exist a judicial branch that is tasked with interpretation of the existing laws. The most significant difference between civil and common law is that, under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law.

Common Law

Common law is the legal system used in the United States, Canada, the United Kingdom, and most former British colonies, amongst others. As we can see by the short list above, English influence has historically been the main indicator of common law being used in a country. The primary distinguishing feature of common law is the significant emphasis on particular cases and judicial precedents as determinants of laws. Though there is typically also a legislative body tasked with the creation of new statutes and laws, judicial rulings can, at times, supersede those laws. Because of the emphasis on judges’ interpretations, there is significant possibility that as society changes over time, so too can judicial interpretations change in kind.

Note
Common law is the major legal system most likely to be referenced by the CISSP® exam. Therefore, this chapter will focus primarily on common law, which is the basis of the United Kingdom’s and the United States’ legal systems.

Religious Law

Religious law serves as the third of the major legal systems. Religious doctrine or interpretation serves as a source of legal understanding and statutes. However, the extent and degree to which religious texts, practices, or understandings are consulted can vary greatly. While Christianity, Judaism, and Hinduism have all had significant influence on national legal systems, Islam serves as the most common source for religious legal systems. Though there is great diversity in its application throughout the world, Sharia is the term used for Islamic law and it uses the Qur’an and Hadith as its foundation.

Other Systems

Though Customary Law is not considered as important as the other major legal systems described above, it is important with respect to information security. Customary law refers to those customs or practices that are so commonly accepted by a group that the custom is treated as a law. These practices can be later codified as laws in the more traditional sense, but the emphasis on prevailing acceptance of a group is quite important with respect to the concept of negligence, which, in turn, is important in information security. The concept of “best practices” is closely associated with Customary Law.

Suppose an organization maintains sensitive data, but is subject to no specific legal requirements regarding how the data must be protected. The data is later compromised. If it were discovered that the company did not employ firewalls, antivirus software, and used outdated systems to house the data, many would believe the organization violated, perhaps not a particular legal requirement, but accepted practices by not employing customary practices associated with safeguarding sensitive data.