Security and Risk Management Domain
This domain represents 15 percent of the CISSP certification exam.
This section has covers about the following:
- Security Policies and Procedures
- Business Continuity Planning
- Risk Management
- Security Education
Information or data is an important asset of an organization.
This page and next pages covers the concepts & application of confidentiality and also integrity & availability based on the application of security governance principles, policies & standards.
Security governance & accountability framework, aligns the process of an organization with the strategies, manages the responsibilities and deploys the standards and policies to for securing assets.
There are good security principles of governance that includes the following:
- Organizational processes
- Alignment of Security Function to Business Strategy, Goals, Mission and Objectives
- Control Tools
- Security Roles
- Due Care
- Due Diligence