CISSP 2013 Domain: Information Security Governance and Risk Management
Overview/Description
Information Security Governance and Risk Management is an all-encompassing domain that the information security professional must constantly be aware of. This course examines the frameworks and planning structures used to make sure that information assets are protected within an organization. This course also examines the governance, organizational structures and cultures, and the awareness training that should be imparted to employees at all levels. This course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies student expertise in ten different knowledge domains.
Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers
Expected Duration (hours)
2.5
Lesson Objectives
recognize responsibilities related to information security risk management
match information security principles with examples of controls used to apply them
match the components of a policy framework with their corresponding descriptions
identify methodological frameworks for implementing and auditing security controls
identify methodological frameworks for performing information security risk assessment
distinguish between the results of qualitative and quantitative risk assessments
match stages of the risk assessment process with corresponding descriptions
label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance
recognize the appropriate application of risk management concepts
distinguish between risk assessment and control methodologies
identify responsibilities of an Information Security Officer
recognize the advantages and disadvantages of various reporting models
recognize how various personnel security strategies work to minimize employee risk
recognize strategies for implementing information security training
recognize the topics a computer ethics program should address
match common computer ethics fallacies to the corresponding correct views
recognize the ethical principles that all information security professionals should apply as they do their jobs
recognize how to handle organizational issues
recognize appropriate actions to implement security awareness training in your organization
recognize ethical principles that all information security professionals must apply
Duration:
h
Code:
sp_cptf_a03_it_enus
Catalogue: