(Security, Risk, Compliance, Law, Regulations, Business Continuity)
This specific domain covers the basic principles of computer security.
It also covers Risk Management, which will continue to be a critical topic. This topic will be explored thoroughly, including:
- Risk Analysis
- Countermeasure Selection
- Risk Monitoring
- Risk Reporting
- Risk Frameworks
- Risk Treatment
- Risk Management
Acquisition and Management of:
- Service Contracts
Moreover, we will cover Security Governance and Security Compliance.
As with all ISC2 exams, you will be tested on ethical considerations in general and the ISC2 Code of Ethics. This is because CISSPs occupy a unique position of trust.
We will also cover the traditional aspects of a CISSP's role, including Policies and Procedures across their complete life cycle:
- Aligning Policies/Procedures to Business Objectives
- Designing Policies/Procedures
- Developing Policies/Procedures
- Implementing Policies/Procedures
- Monitoring Policies/Procedures
- Compliance with Policies/Procedures
Other topics now included within this domain are:
- Requirements Gathering
- Business Impact Analysis
- Recovery Point Objectives
Lastly, you will learn about Personnel Security Policies and Security Education, Training and Awareness Programs.
Do NOT attempt the exam until you thoroughly understand the following CIB/CBK topics.
- Understand and apply concepts of Confidentiality, Integrity and Availability
- Apply Security Governance Principles through:
- Understand Legal and Regulatory issues that pertain to Information Security in a Global Context
- Understand Professional Ethics
- Develop and Implement documented security policy, standards, procedures and guidelines
- Understand Business Continuity Requirements
- Contribute to Personnel Security Policies
- Understand and apply risk management concepts
- Understand and apply threat modeling
- Integrate Security Risk Considerations into acquisition strategy and practice
- Establish and manage IS security Education, Training and Awareness