CHAPTER 1

Security and Risk Management

This chapter presents the following:

•  Security terminology and principles

•  Protection control types

•  Security frameworks, models, standards, and best practices

•  Computer laws and crimes

•  Intellectual property

•  Data breaches

•  Risk management

•  Threat modeling

•  Business continuity and disaster recovery

•  Personnel security

•  Security governance

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.

—Eugene H. Spafford

In reality, organizations have many other things to do than practice security. Businesses exist to make money. Most nonprofit organizations exist to offer ...

Get CISSP All-in-One Exam Guide, Eighth Edition, 8th Edition now with O’Reilly online learning.
