As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking that involves credit card business, you are reviewing compliance requirements. Which of the following is least related to the compliance issue?
A. Customer’s contracts
B. Foreign laws
C. (ISC)² Code of Ethics
D. Due diligence in mergers and acquisitions
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. (ISC)² Code of Ethics.
Your company doesn’t need to comply with (ISC)² Code of Ethics. You are reviewing compliance requirements for your company, not for yourself. (ISC)² Code of Ethics applies to CISSPs and those who subscribe to it, say, other certification holders like CCSP, CSSLP, or SSCP. Just name a few.
Due diligence relies on the prudent man rule of the judge. If your company doesn’t exercise or comply with due diligence in mergers and acquisitions, senior management is going to get in trouble.
Customer’s contracts as contractual requiremts are typical compliant requirements.
Foreign laws should be taken into considerations, for example, GDPR.