CISSP® CBK® Review:

Information Security & Risk Management Domain



Key Area of Knowledge

- Terms, Definitions, and Concepts associated with Information Security Management
- Policies, Standards, Procedures, and Guidelines
- System Development Life Cycle (SDLC)
- Identification of Information Assets (tangible and intangible)
- Information Classification and Protection Levels
- Security Concept of Operations (CONOPS) and Rules of Behavior
- Risk Management Processes: Assessment, Mitigation, and Evaluation
- Security Requirements: Functional and Assurance
- Information Systems Security Engineering (ISSE) Process
- Security Controls and Countermeasures
    - Types of Security Controls
    - Classes of Security Controls
    - Families of Security Controls
- Defense-in-Depth Principle
- Security Certification and Accreditation (C&A) Process
- Security Test and Evaluation (ST&E)
- Security Audit and Assessment
    - Verification and Validation of Security Controls and Countermeasures against the defined Security Requirements
    - Assessment of potential Vulnerabilities and Exposures
- Change Control Process for Configuration Management of the Baseline Architecture
- Personnel Security
- Security Education, Training, and Awareness
- Project Management


Class Material

- Presentation (133 pages) (pptx, pdf)
- Post-Class Quiz (13 pages) (pdf)
- Answers to Post-Class Quiz (13 pages) (pdf)

