Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

CISSP training video: Control objectives, risk management and analysis

In this CISSP Essentials Security School presentation, Shon Harris outlines the importance of control objectives, metrics, and risk management and analysis in the CISSP Information Security Governance and Risk Management domain.

The Certified Information Systems Security Professional (CISSP) Information Security Governance and Risk Management domain within the Common Body of Knowledge (CBK) goes into great depth, detailing control objectives, process improvement models, metrics and risk management and analysis techniques.

In the last of a special three-part multimedia presentation from SearchSecurity's CISSP Essentials Security School, expert exam trainer Shon Harris, CEO and founder of Logical Security, begins by defining security controls and explaining why they are critical to protecting assets. Harris then discusses how COBIT maps controls to business needs and outlines two standards (ISO/IEC 27004 and NIST 800-55) that provide guidelines for developing and tracking performance in an information security management system.

Next, the presentation covers the importance of process improvement and three of the major process management models: Information Technology Infrastructure Library, Six Sigma and Capability Maturity Model Integration.

Harris then discusses risk management and analysis, including different risk analysis approaches (quantitative vs. qualitative) and two standards for implementing and following a risk management program (ISO/IEC 27005 and NIST 800-30). Harris concludes with a brief review of the entire information security and risk management CISSP domain.

Watch the video

This multimedia presentation features not only seminar-style instruction, but also interactive components students can use to reinforce the most critical topics within the domain. Throughout the video, there are sections where students must pause to explore additional domain concepts. The volume can be adjusted on the lower left-hand corner of the video screen; controls to go back to view previous slides or skip ahead can be found on the lower right-hand corner of the video screen.

Video length: Approx. 35 to 40 minutes

Bookmark this page to watch the video later.

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as (ISC)2.

Next Steps

NEXT: Test your knowledge with the Information Security, Governance and Risk Management domain quiz

BACK: Watch the previous video from this domain on enterprise architecture.

BACK: Read the spotlight article on information security governance and risk management

START: Return to the CISSP Essentials Security School homepage

This was last published in September 2014

Dig Deeper on CISSP certification