CHAPTER 2 Information Security Governance and Risk Management

This chapter presents the following:

• Security terminology and principles

• Protection control types

• Security frameworks, models, standards, and best practices

• Security enterprise architecture

• Risk management

• Security documentation

• Information classification and protection

• Security awareness training

• Security governance

In reality, organizations have many things to do other than practice security. Businesses exist to make money. Most nonprofit organizations exist to offer some type of service, as in charities, educational centers, and religious entities. None of them exist specifically to deploy and maintain firewalls, intrusion detection systems, identity management ...
