Chapter 3

Security and Risk Management

IN THIS CHAPTER

Working through all concepts and principles of the Security and Risk Management domain

Understanding compliance, ethics, governance, security policies and procedures, business continuity planning, and risk management

Implementing security education, training, and awareness

The Security and Risk Management domain addresses many fundamental security concepts and principles, as well as compliance, ethics, governance, security policies and procedures, business continuity planning, risk management, and security education, training, and awareness. This domain represents 15 percent of the CISSP certification exam.

Understand, Adhere to, and Promote Professional Ethics

Ethics (or moral values) help describe what you should do in a given situation based on a set of principles or values. Ethical behavior is important in maintaining credibility as an information security professional and is a requirement for maintaining your CISSP certification. An organization often defines its core values (along with its mission statement) to help ensure that its employees understand what is acceptable and expected as they work to achieve the organization’s ...

Get CISSP For Dummies, 7th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CISSP For Dummies, 7th Edition by Lawrence C. Miller, Peter H. Gregory

Security and Risk Management

Understand, Adhere to, and Promote Professional Ethics

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly