Chapter 10. Information Security Governance and Risk Management

Terms you’ll need to understand

Confidentiality

Integrity

Availability

Threat

Vulnerability

Public/private data classification

Government data classification

Risk

Single loss expectancy (SLE)

Annual rate of occurrence (ARO)

Residual risk

Annual loss expectancy (ALE)

Techniques you’ll need to master

Risk management

Security management concepts

Qualitative risk analysis

Quantitative risk analysis

Hybrid risk analysis

Resource protection techniques

The role of polices, procedures, guidelines, and baselines

Data-classification criteria

Security roles

Risk calculations

Introduction

Information security and risk management identifies an organization’s ...

Get CISSP Exam Cram, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial