Chapter 3. Information Security and Risk Management

This chapter presents the following:

  • Security management responsibilities

  • Difference between administrative, technical, and physical controls

  • Three main security principles

  • Risk management and risk analysis

  • Security policies

  • Information classification

  • Security-awareness training

We hear about viruses causing millions of dollars in damages, hackers from other countries capturing credit card information from financial institutions, web sites of large corporations and governments being defaced for political reasons, and hackers being caught and sent to jail. These are the more exciting aspects of computer security, but realistically these activities are not what the average corporation or security professional ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with O’Reilly online learning.