Information Security and Risk Management are analogous to each other. Information security is to preserve Confidentiality, Integrity, and Availability (CIA) of organizational assets. Risk management is to identify the threats and vulnerabilities that could impact the information security and devise suitable controls to mitigate these risks. We will be discussing important concepts in this domain in the next two chapters.
A candidate appearing for the CISSP exam is expected to have broad knowledge and understanding of the following areas in the "Information Security and Risk Management" domain: