Security and Risk Management – First CISSP Objective

CISSP has been distributed into eight major network security objectives, which includes:

  1. Security & Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communication & Network Security
  5. Identity & Access Management
  6. Security Assessment & Testing
  7. Security Operations
  8. Software Development Security

The 15% of the Exam Questions are taken from the Security & Risk Management domain in the CISSP certification exam. The domain has been divided further into 12 objectives that you should be able to understand.

You should be able to apply and understand the following 12 objectives of the first CISSP domain.

  1. Confidentiality, Integrity & Availability – The CIA Triad
  2. Second objective includes Security Governance Principles, Organizational Processes, Security Roles, Security Control Frameworks
  3. Third objective covers Legislative, Regulatory Compliance of Cyber Security & Privacy
  4. Fourth objective covers Computer Crimes, Licensing, Intellectual property, import/export controls, internal and external data flows, privacy and data breaches.
  5. Code of Ethics is covered in fifth objectives.
  6. Sixth objective enable you to develop, maintain and implement a documented security policy for your organization according to international/national security standards and guidelines.
  7. Business continuity planning, business impact analysis are covered in the seventh objective.
  8. Eighth objective explains the Personnel security policies, employment policies, consistent process for terminations, screening controls for job candidates, vendors/contractors and consultants screening etc.
  9. You will learn about how to identify vulnerabilities & potential threats, how to apply security controls to manage risks, and how to identify potential threats and vulnerabilities by performing risk assessments.
  10. How to perform threat modeling to asses potential attacks and mitigate risks and defuse those attacks by various methods are covered in objective ten.
  11. This objective covers how to integrate security risks considerations into your organizations’s best practices and in its strategy and mission.
  12. Establishing an Information Security Education & Awareness program is part of the final objective in Security & Risk Management.

CISSP, CISSP Certification Objectives, Network Security

Leave a Reply

Your email address will not be published. Required fields are marked *

For Inspirations, Special Offers and Much More

  • Services
  • Network Security
  • System Administration
  • Contact

© 2008 - 2022. All Rights Reserved