DOMAIN 3 Risk Identification, Monitoring, and Analysis

Organizations face a wide range of challenges today, including ever-expanding risks to organizational assets, intellectual property, and customer data. Understanding and managing these risks are integral components of organizational success. The security practitioner is expected to participate in the organizational risk management process, assist in identifying risks to information systems, and develop and implement controls to mitigate identified risks. As a result, the security practitioner must have a firm understanding of risk, response, and recovery concepts and best practices.


The following topics are addressed in this chapter:

  • Understand the risk management process
    • Risk management ...
