DOMAIN 3 Risk Identification, Monitoring, and Analysis

Organizations face a wide range of challenges today, including ever-expanding risks to organizational assets, intellectual property, and customer data. Understanding and managing these risks are integral components of organizational success. The security practitioner is expected to participate in the organizational risk management process, assist in identifying risks to information systems, and develop and implement controls to mitigate identified risks. As a result, the security practitioner must have a firm understanding of risk, response, and recovery concepts and best practices.


The following topics are addressed in this chapter:

  • Understand the risk management process
    • Risk management ...

Get The Official (ISC)2 Guide to the SSCP CBK, 4th Edition now with O’Reilly online learning.
