CISSP: Security and Risk Management

(Security, Risk, Compliance, Law, Regulations, Business Continuity)

This specific domain covers the basic principles of computer security

  • Confidentiality
  • Integrity
  • Availability
  • Identification
  • Authentication
  • Authorization
  • Accounting
  • etc…

It also covers Risk Management topics to include:

  • Assets
  • Threats
  • Risks
  • Vulnerabilities

Risk management remains a critical topic. It will be explored thoroughly, including:

  • Risk Analysis
  • Countermeasure Selection
  • Implementation
  • Risk Monitoring
  • Risk Reporting
  • Risk Frameworks
  • Risk Treatment
  • Risk Management
  • Acquisition and Management of:

    • Hardware
    • Software
    • Service Contracts

Moreover, we will cover Security Governance and Security Compliance.

Like all ISC2 exams, you will be tested on ethical considerations in general and on the ISC2 Code of Ethics in particular, because CISSPs occupy a unique position of trust.

We will also cover the traditional aspects of a CISSP's role, including policies and procedures across their complete life cycle:

  • Aligning Policies/Procedures to Business Objectives
  • Designing Policies/Procedures
  • Developing Policies/Procedures
  • Implementing Policies/Procedures
  • Monitoring Policies/Procedures
  • Compliance with Policies/Procedures

Other topics now included within this domain are:

  • Requirements Gathering
  • Business Impact Analysis
  • Recovery Point Objectives

Lastly, you will learn areas of Personnel Security Policies, Security Education, Training and Awareness Programs.

Do NOT attempt the exam until you thoroughly understand the following CIB/CBK topics.

  1. Understand and apply concepts of Confidentiality, Integrity and Availability
  2. Apply Security Governance Principles through:
  3. Compliance
  4. Understand legal and regulatory issues that pertain to Information Security in a global context
  5. Understand Professional Ethics
  6. Develop and Implement documented security policy, standards, procedures and guidelines
  7. Understand Business Continuity Requirements
  8. Contribute to Personnel Security Policies
  9. Understand and apply risk management concepts
  10. Understand and Apply threat modeling
  11. Integrate Security Risk Considerations into acquisition strategy and practice
  12. Establish and manage IS security Education, Training and Awareness

Comments

  1. Ola

    Hi Leo,

    I watched a couple of your YouTube videos and found them compelling. I tried to register on your site but it's giving me a CAPTCHA error message even though there was no CAPTCHA.

    • thecode

      What certification are you working on?

      What were you trying to sign up for?

      You can reply to [email protected] or connect on LinkedIn, as these are the two best ways to get a hold of me faster.