CHAPTER 1 Information Security and Risk Management

This domain includes questions from the following topics:

• Security management responsibilities

• Difference between administrative, technical, and physical controls

• Three main security principles

• Risk management and risk analysis

• Security policies

• Information classification

• Security-awareness training

A security professional’s responsibilities extend well beyond reacting to the virus and hacker news that make headlines. Their day-to-day responsibilities are far less exciting on the surface but are vital to keeping organizations protected against intrusions so that their companies don’t become the next headline. The role of security within an organization is a complex one, as it touches ...
