CISSP Essentials

CISSP Essentials: Domain 1, Information Security Governance and Risk Management

In this all-new CISSP Essential Security School lesson, learn about security management practices for securing information and assets.

Security management embodies the administrative and procedural activities designed to secure corporate assets and information company-wide. Fundamentally, information security assurance is a business issue that must be addressed in the context of the enterprise business framework.

In this CISSP Essentials Security School lesson, Domain 1, Information Security Governance and Risk Management, expert CISSP exam trainer Shon Harris details how security management facilitates an enterprise's security vision by formalizing the infrastructure, defining the activities, and applying the tools and techniques necessary to control, monitor and coordinate security efforts across an organization.

Domain 1 spotlight article

This lesson begins with a special Domain 1 spotlight article, which reflects the significant change this domain has undergone in recent years. Learn about strategies, tools and techniques used for . Specific areas of emphasis include information security management systems, enterprise architecture frameworks, security control objectives, process improvement models, risk management, and finally security metric systems.

Domain 1 training video: The AIC triad, ISMS, ISO 27000 series

After reading the spotlight article, watch the first of three Domain 1 training videos, which introduces three critical concepts of the Information Security Governance and Risk Management domain: the AIC triad, information security management systems (ISMS) and the ISO 27000 series of standards.

Domain 1 training video: Security enterprise architecture

Next watch the second of our three Domain 1 training videos, which details enterprise architectures and their importance to a holistic approach to enterprise security. Among other topics, this video covers how the enterprise architecture is the tool that gives insight into not only how an organization works internally, but also how it interacts with external elements, as well as how an information security management system and an enterprise security architecture integrate to create governance.

Domain 1 training video: Control objectives, risk management and analysis

In the third of our three Domain 1 training videos, learn control objectives, process improvement models, metrics and risk management and analysis techniques. Specific points of emphasis include key standards for tracking information security program performance, three of the major process management models, and risk analysis standards and approaches.

Domain 1 quiz: Information security governance and risk management

Finally, after reading the spotlight article and watching the three videos, test your comprehension of this material with our Domain 1, Information Security Governance and Risk Management quiz.

About CISSP Essentials

SearchSecurity's CISSP Essentials series of CISSP certification training lessons offers a comprehensive introduction to not only the CISSP exam, but also the knowledge needed to succeed in the information security profession. Each lesson, which contains a spotlight article, one or more video lectures and a practice quiz, corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know.

About Shon Harris:
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored several international best-selling books on information security, published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks for various publishers and articles for trade magazines.

Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases ranging from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris was recognized as one of the top 25 women in the information security field by Information Security magazine.

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).

Next Steps

NEXT: After completing this lesson, proceed to Domain 2: Access Control.

RETURN: Go back to SearchSecurity's CISSP Essentials Security School main page.

This was first published in September 2014
