CISSP Cert Guide by Robin Abernathy, Troy McMillan

Chapter 4. Information Security Governance and Risk Management

This chapter covers the following topics:

Security principles and terms: Principles and terms discussed include CIA, vulnerability, threat, threat agent, risk, exposure, countermeasure, due care, due diligence, job rotation, and separation of duties.

Security frameworks and methodologies: Frameworks and methodologies discussed include the ISO/IEC 27000 series, COBIT, NIST SP 800-53, COSO, ITIL, Six Sigma, and CMMI.

Risk assessment: Assessment topics discussed include information and asset value and cost (tangible and intangible), quantitative risk analysis, qualitative risk analysis, the steps in a risk assessment, total risk versus residual risk, and handling risk.

Risk management principles ...