CISSP training video: The AIC triad, ISMS, ISO 27000 series

In this CISSP Essentials Security School presentation, expert Shon Harris discusses three key components of the CISSP Information Security Governance and Risk Management domain: the AIC triad, ISMS and the ISO 27000 series.

The Certified Information Systems Security Professional (CISSP) Information Security Governance and Risk Management domain within the Common Body of Knowledge has evolved greatly over the years due to the increasing sophistication and changing demands of the information security industry. It is vital that security professionals be aware of these changes in order to streamline resources, maintain security and avoid potential breaches.

In the first of a special three-part multimedia presentation from SearchSecurity's CISSP Essentials Security School, expert exam trainer Shon Harris, CEO and founder of Logical Security, introduced students to three critical concepts of the Information Security Governance and Risk Management domain: the AIC triad, information security management systems (ISMS) and the ISO 27000 series of standards.

The AIC triad outlines the overarching mission information security professionals need to achieve within their organizations: protecting the availability, integrity and confidentiality of assets for which they are responsible. Harris discussed the control types for providing AIC protection, how to know which assets need to be protected and the types of defenses they need, as well as the two different approaches to security management: top-down and bottom-up.

Next, Harris introduced students to the concept of an ISMS -- commonly referred to as an enterprise security program -- and explained how the ISO 27000 series of standards outlines best practices on information security management, potential risks, and the proper controls within the context of an information security program.

Watch the video

This multimedia presentation features not only seminar-style instruction, but also interactive components students can use to reinforce the most critical topics within the domain. Throughout the video, there are sections where students must pause to explore additional domain concepts. The volume can be adjusted in the lower left-hand corner of the video screen; controls to go back to previous slides or skip ahead are in the lower right-hand corner.

Video length: Approx. 35 - 40 minutes

CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as (ISC)².

This was last published in September 2014
