Chapter 1. Information security governance and risk management

This chapter comes first in your preparation for the CISSP exam for a good reason: it describes how an organization begins to address the prudent management of a business (enterprise, organization, department, or agency). It covers the foundational components management must have in place to understand the nature of the business it controls, the risks it faces and their severity, and how to assemble a framework of controls that manages those risks prudently, so as to minimize and avoid unnecessary losses and maximize profits.

Exam objectives in this chapter:

  • 3.1 Understand and align security function to goals, mission and objectives of the organization

  • 3.2 Understand ...
