Chapter 3. Information Security Governance & Risk Management

The Information Security Governance & Risk Management domain is a key domain within the CISSP candidate information bulletin and includes a longer objectives list than most other domains. You’ll be expected to understand many elements of an organization’s security program, with a focus on protecting information technology (IT) assets. This starts with a clear understanding of an organization’s goals, mission, and objectives and then the development of security policies, standards, and procedures to support the mission of the organization. Risk management is an ongoing process that identifies asset values and then attempts to identify and prioritize risks to these assets. You’ll find ...

Get CISSP Rapid Review now with O’Reilly online learning.
