
CISSP Essentials: Domain 1, Information Security Governance and Risk Management

In this CISSP Essential Security School lesson, learn about security management practices for securing information and assets.

Security management embodies the administrative and procedural activities designed to secure corporate assets and information company-wide. Fundamentally, information security assurance is a business issue that must be addressed in the context of the enterprise business framework.

In this CISSP Essentials Security School lesson, Domain 1, Information Security Governance and Risk Management, expert CISSP exam trainer Shon Harris details how security management facilitates an enterprise's security vision by formalizing the infrastructure, defining the activities, and applying the tools and techniques necessary to control, monitor and coordinate security efforts across an organization.

Domain 1 spotlight article

This lesson begins with a special Domain 1 spotlight article, which reflects the significant change this domain has undergone in recent years. Learn about strategies, tools and techniques used for . Specific areas of emphasis include information security management systems, enterprise architecture frameworks, security control objectives, process improvement models, risk management, and finally security metric systems.

Domain 1 training video: The AIC triad, ISMS, ISO 27000 series

After reading the spotlight article, watch the first of three Domain 1 training videos, which introduces three critical concepts of the Information Security Governance and Risk Management domain: the AIC triad, information security management systems (ISMS) and the ISO 27000 series of standards.

Domain 1 training video: Security enterprise architecture

Next, watch the second of our three Domain 1 training videos, which details enterprise architectures and their importance to a holistic approach to enterprise security. Among other topics, this video covers how the enterprise architecture gives insight into not only how an organization works internally, but also how it interacts with external elements, and how an information security management system and an enterprise security architecture integrate to create governance.

Domain 1 training video: Control objectives, risk management and analysis

In the third of our three Domain 1 training videos, learn about control objectives, process improvement models, metrics, and risk management and analysis techniques. Specific points of emphasis include key standards for tracking information security program performance, three of the major process management models, and risk analysis standards and approaches.

Domain 1 quiz: Information security governance and risk management

Finally, after reading the spotlight article and watching the three videos, test your comprehension of this material with our Domain 1, Information Security Governance and Risk Management quiz.

About CISSP Essentials

SearchSecurity's CISSP Essentials series of CISSP certification training lessons offers a comprehensive introduction to not only the CISSP exam, but also the knowledge needed to succeed in the information security profession. Each lesson, which contains a spotlight article, one or more video lectures and a practice quiz, corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge" -- the essential elements each CISSP-certified practitioner must know.

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).

Next Steps

NEXT after completing this lesson, proceed to Domain 2: Access Control.

RETURN to SearchSecurity's CISSP Essentials Security School main page.

This was last published in September 2014
