Security and Risk Management
CISSP Domains Landscape (mind map, reconstructed as an outline)

Information Security Governance, Risk and Compliance (Evaluate, Direct, Monitor)
  Why to Protect
    - D1: Security and Risk Management

Information Security Program
  How to Protect
    - D5: Identity and Access Management
    - D6: Security Assessment and Testing
    - D7: Security Operations
  What to Protect
    - D2: Asset Security
    - Information System Assets: People, Business Processes, Hardware, Software, Data, Networks, Operating Systems, Data Centers
    - Security objectives: Confidentiality, Integrity, Availability
  How to Build or Acquire
    - D3: Security Architecture and Engineering
    - D4: Communication and Network Security
    - D8: Software Development Security
  Controls: Physical, Technical, Administrative

The overall objective of an information security program is to protect the Confidentiality, Integrity and Availability of information and information system assets.
Security and Risk Management Model (mind map, reconstructed as an outline)

Security Fundamentals
  - Overview
  - Information Security
  - Business Mindset
  - GRC as a Discipline
  - Security Objectives: Confidentiality, Integrity, Non-Repudiation, Authenticity, Availability
  - Balancing the Security Risks
  - Wentz Risk Model
  - Safeguards: HIPAA Safeguards, Security Control Frameworks
  - Access Control Types
  - Access Control Mechanism
  - Reference Monitor
  - Access Control Methods
  - Security Posture
  - Protection Mechanisms
  - Security Boundary
  - Security Management
    - Goals
    - Approach (PDCA)
    - Standards and Best Practices
    - Security Management Planning: Security Functions, Types of Plans, Top-Down Approach

Security Governance
  - Overview
  - Security Governance vs Management
  - Third Party Governance
  - Documentation Review
  - Governance Model
  - Enterprise Architecture
  - Organisational Structure
  - Board Level Committees
  - Organisational Roles and Responsibilities
  - Organisational Processes: Human Resources, Supply Chain, Acquisitions and Mergers, Divestitures
  - Strategic Management: Levels of Strategy, Strategic Alignment, Strategy Formulation, Strategic Execution
  - Security Program
    - Security Program Implementation
    - Aligning Security Functions to Strategy: Strategic Alignment, Business Enablement, Process Enhancement, Security Effectiveness
  - Business Continuity
    - Making BCM part of the Enterprise Security Program
    - Business Impact Analysis
  - Policy Framework
    - Policies: Regulatory, Advisory, Informative
    - Standards
    - Baselines
    - Guidelines
    - Procedures
  - Personnel Security
    - Candidate Screening and Hiring
    - Employee Agreement and Policies
    - Onboarding, Transfers and Termination Processes
    - Vendors, Consultants and Contractors
    - Compliance Policies
    - Privacy Policies
  - Security Awareness, Education and Training
    - Degree or Certification
    - Methods and Techniques
    - Periodic Content Reviews
    - Program Effectiveness Evaluation
  - Professional Ethics
    - ISC2 Code of Professional Ethics
    - Organizational Code of Ethics
    - The Computer Ethics Institute

Risk Management
  - Concepts: Holistic Risk Management, Information Systems Risk Management Policy, Risk Management Team, Risk Management Process
  - Vulnerabilities and Threats: Overview, Identifying Threats and Vulnerabilities, The Evolution of Attacks
  - Assessing Risks: Asset Valuation, Risk Assessment Teams, Methodologies for Risk Assessment, Risk Analysis Approaches, Qualitative Risk Analysis
  - Responding to Risk
    - Total vs Residual Risks
    - Countermeasure Selection and Implementation
    - Types of Controls
    - Control Assessments
    - Monitoring Risks: Effectiveness Monitoring, Change Monitoring, Compliance Monitoring
    - Risk Reporting
    - Continuous Improvement
  - Supply Chain Risk Management
    - Upstream and Downstream Suppliers
    - Risks Associated with Hardware, Software and Services
    - Other Third Party Risks
    - Minimum Security Requirements

Compliance
  - Laws and Regulation: Types of Legal Systems, Common Law Revisited
  - Cybercrimes and Data Breaches: Complexities in Cybercrime, International Issues, Data Breaches
  - Import/Export Controls
  - Transborder Data Flow
  - Privacy
  - Licensing and IP Requirements: Trade Secrets, Copyrights, Trademarks, Patents, Internal Protection of IP, Software Piracy
  - Compliance Requirements
    - Contractual, Legal, Industry Standards and Regulatory Requirements
    - Privacy Requirements
    - Liabilities and Their Ramifications
  - Investigation Requirements: Criminal, Administrative, Civil, Regulatory

Frameworks
  - Overview
  - Risk Frameworks: NIST RMF, ISO/IEC 27005, OCTAVE, FAIR
  - Information Security Frameworks: Security Program Frameworks, Security Control Frameworks
  - Enterprise Architecture Frameworks: Need for Enterprise Architecture Frameworks, Zachman Framework, The Open Group Architecture Framework, Military-Oriented Architecture Framework
  - Other Frameworks: ITIL, Six Sigma, CMMI
Security and Risk Management (mind map, reconstructed as an outline)

Security Fundamentals
  - Overview
  - Information Security
  - Business Mindset
  - GRC as a Discipline
  - Objectives: Confidentiality, Integrity, Non-Repudiation, Authenticity, Availability
  - Risks
  - Wentz Risk Model
  - Safeguards
  - Security Program
  - HIPAA Safeguards
  - Security Control Frameworks
  - Access Control Types
  - Access Control Mechanism
  - Reference Monitor
  - Access Control Methods
  - Security Posture
  - Protection Mechanisms
  - Security Boundary
  - Security Management
    - Goals
    - Approach: Plan, Do, Check, Act
    - Security Management Planning: Security Functions, Types of Plans, Top-Down Approach

Security Governance
  - Overview
  - Security Governance vs Management
  - Wentz Governance Model
  - Enterprise Architecture
  - Organisational Structure
  - Security Roles and Responsibilities
  - Organisational Roles and Responsibilities
  - Organisational Processes: Human Resources; Supply Chain; Divestitures, Acquisitions and Mergers; Change Management; Data Classification
  - Security Program Implementation
  - Strategic Management: Levels of Strategy, Strategic Alignment, Strategy Formulation, Strategic Execution

Risk Management
  - Risk Terminology and Concepts
  - Asset Valuation
  - Threats and Vulnerabilities: Threat Source, Threat Events, Threat Scenarios, Vulnerability and Adverse Impact, Threat Landscape, Threat Intelligence
  - Risk Category
  - Risk Management Frameworks: ISO 31000, COSO ERM, PMI RMP, NIST FARM, ISO 27005
  - Risk Glossary: Cascading Risk, Inherent Risk, Residual Risk, Risk Aggregation, Risk Appetite, Risk Assessment, Risk Attitude, Risk Capacity, Risk Category, Risk Exposure, Risk Factor, Risk Level, Risk Model, Risk Owner, Risk Profile, Risk Register, Risk Response, Risk Score, Risk Threshold, Risk Tolerance, Risk Treatment, Secondary Risk, Supply Chain Risk Management

Compliance
  - Overview
  - Contracts
  - Organisational Policies: Policies, Standards, Baselines, Guidelines, Procedures
  - Due Care and Due Diligence
  - Organisational and Professional Ethics: ISC2 Code of Professional Ethics, Organisational Code of Ethics
  - Laws and Regulations
    - Cyber Crimes: Types of Cybercrimes
    - Computer Laws and Crimes: Evidence, Intellectual Property, Privacy, Challenges
    - Evolution of Attacks: Advanced Persistent Threat
  - Security Assessment and Auditing
    - SOC Reports
    - Industry Standards: SCF, COBIT, ISO 27K Family

Personnel Security
  - Security Awareness and Training
  - Personnel Security Policies
  - Job Descriptions and Responsibilities
  - Candidate Screening and Hiring
  - Employment Contracts and Policies
  - Employee Oversight
  - Onboarding and Termination Process
  - Vendors, Consultants and Contracts
  - Compliance Policy Requirements
  - Privacy Policy Requirements
  - Social Engineering

Business Continuity
  - Continuity and Resilience: Business Continuity, Organisational Resilience, Event Taxonomy
  - Organisational Resilience Planning: Occupant Emergency Plan, Crisis Communication Plan, Business Continuity Plan, Continuity of Operations Plan, IS Contingency Plan, Business Impact Analysis, Disaster Recovery Plan, Cyber Incident Response Plan, Critical Infrastructure Protection Plan
  - Business Continuity Management: ISO 22301 BCM, BCI BCM Life Cycle, DRI Professional Practices
  - Business Continuity Program: Initiation, Plan, Do, Check, Act