The Information Security Governance and Risk Management domain of the Certified Information Systems Security Professional (CISSP) Common Body of Knowledge has changed considerably over the years as the information security field has matured and its demands have shifted. Security professionals need to track these changes to allocate resources sensibly, keep their organizations' security programs effective and reduce the likelihood of a breach.
In the first of a special three-part multimedia presentation from SearchSecurity's CISSP Essentials Security School, expert exam trainer Shon Harris, CEO and founder of Logical Security, introduced students to three critical concepts of the Information Security Governance and Risk Management domain: the AIC triad, information security management systems (ISMS) and the ISO 27000 series of standards.
The AIC triad (the same triad more commonly written CIA) states the overarching mission of information security professionals: protecting the availability, integrity and confidentiality of the assets for which they are responsible. Harris discussed the control types used to provide AIC protection (administrative, technical and physical, in CISSP terminology), how to determine which assets need protection and what defenses they require, and the two approaches to security management: top-down, where the program is driven and funded by senior management, and bottom-up, where it grows out of IT staff initiative without executive backing.
Next, Harris introduced the concept of an ISMS, commonly referred to as an enterprise security program, and explained how the ISO 27000 series of standards lays out best practices for managing information security, assessing risk and selecting appropriate controls within such a program. Within that series, ISO/IEC 27001 specifies the requirements an ISMS must meet and ISO/IEC 27002 provides guidance on the individual controls.
Watch the video
This multimedia presentation combines seminar-style instruction with interactive components students can use to reinforce the most critical topics in the domain. At several points in the video, students are asked to pause and explore additional domain concepts before continuing.
Video length: Approx. 35 - 40 minutes
CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as (ISC)².