CISSP® CBK® Review:
Information Security & Risk Management Domain
Key Areas of Knowledge
- Terms, Definitions, and Concepts associated with Information Security Management
- Policies, Standards, Procedures, and Guidelines
- System Development Life Cycle (SDLC)
- Identification of information assets (tangible & intangible)
- Information Classification & Protection Level
- Security Concept of Operations (CONOPS) & Rules of Behavior
- Risk Management Processes: Assessment, Mitigation & Evaluation
- Security Requirements: Functional & Assurance
- Information Systems Security Engineering (ISSE) Process
- Security Controls & Countermeasures
  · Types of Security Controls
  · Classes of Security Controls
  · Families of Security Controls
- Defense-in-Depth Principle
- Security Certification & Accreditation (C&A) Process
- Security Test & Evaluation (ST&E)
- Security Audit & Assessment
  · Verification & Validation of Security Controls & Countermeasures for defined Security Requirements
  · Assessment of potential Vulnerabilities & Exposures
- Change Control Process for Configuration Management of Baseline Architecture
- Personnel Security
- Security Education, Training & Awareness
- Project Management
Class Material
- Presentation (133 pages) (pptx, pdf)
- Post-Class Quiz (13 pages) (pdf)
- Answers to Post-Class Quiz (13 pages) (pdf)