Security School


CISSP Domain 1: Cybersecurity and risk management

Learn tips and strategies for addressing governance, risk management and compliance covered in Domain 1 of the CISSP exam.


Ancient Greek philosopher Heraclitus wisely posited that change is the only constant in life. Although his words are about 2,500 years old, the concept remains fresh and familiar for anyone who works in information security, particularly in the areas of governance, risk management and compliance (GRC).

Infosec pros must not only keep up with rapidly emerging and escalating threats, but they must also ensure that enterprise data and systems meet continually evolving privacy requirements imposed by governmental and regulatory bodies. Understanding information security management principles is the first step to confronting these challenges.

In this Security School, based on (ISC)² CISSP training material on Domain 1 of the exam, learn about important GRC requirements and concepts, as well as top-down and bottom-up approaches that infosec pros can use to effectively apply information security management principles in the enterprise. In his tip and video, expert Adam Gordon shows how the path to an effective GRC strategy is paved with proficiency in privacy, data integrity and compliance needs. Complex and overlapping demands are best understood and addressed when information security teams and business leaders work in partnership, he explains.

Once you've reviewed the parts of this Security School on governance, risk management and compliance, take the quiz to see how much you have learned about information security management principles, priorities and tactics.  


CISSP® is a registered mark of (ISC)².

Learning links

Dive into information security management principles and strategies

The lack of an effective GRC strategy can have devastating consequences for an enterprise, ranging from heavy fines to legal actions to operational failures. The following lessons of this Security School explore information security management principles that can help avoid these worst-case scenarios.


As privacy requirements evolve, CISSPs must stay informed

Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements.


IT security governance fosters a culture of shared responsibility

Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise.


CISSP domain 1 quiz: Security and risk management

Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz.
