Learn about information security and risk management practices needed to complete the first domain of the 2018 Certified Information Systems Security Professional (CISSP) exam. CISSP is the industry's gold standard certification, necessary for many mid- and senior-level positions. This course includes coverage of key exam topics from the Security and Risk Management domain: security governance, compliance and policy issues, personnel security, threat modeling, and vendor management. Author Mike Chapple also covers the trifecta of information confidentiality, integrity, and availability. He reviews business continuity and risk management strategies, and highlights the importance of ongoing security awareness and education in any organization.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A complete learning path will be available once all the courses are released.
- Aligning security with the business
- Using control frameworks
- Understanding compliance ethics
- Implementing effective security policies
- Planning for business continuity
- Ensuring the security of employees
- Managing risk
- Identifying threats
- Managing vendors
- Building security awareness
- Conducting security training
Skill Level: Advanced
- [Mike Voiceover] Hi, I'm Mike Chapple, and I'd like to welcome you to our CISSP Security and Risk Management Course. The Certified Information Systems Security Professional, or CISSP, certification is the gold standard for information security certification. You'll find that the CISSP is a core requirement for many mid- and senior-level cyber security positions. Earning the CISSP requires demonstrating that you have sufficient work experience and passing an exam covering the eight domains of information security.
This course covers the first of those eight domains, Security and Risk Management. 15% of the questions on the CISSP exam come from this domain. I have two decades of experience as an information security professional, and I have been involved in CISSP training and certification for most of those. As you work your way through this course, you might find it helpful to have two books that I've written by your side. The first is the Official CISSP Study Guide, available from Sybex.
This book is approved by (ISC)² as the official study guide for the exam, and it contains context that supplements this course and will help you be prepared when you take the exam. The second book you'll want is the Official CISSP Practice Tests, also available from Sybex. This book contains over 1,300 practice exam questions designed to mimic those on the actual exam. It has an entire chapter dedicated to questions from each domain, along with two full-length practice tests to help you assess your progress.
As we work our way through this course, we will focus on each topic covered in the first domain. We'll review the concepts of confidentiality, integrity, and availability in information security. We'll also cover security governance and risk management issues as well as the legal, regulatory, and compliance environment affecting security professionals. You'll learn about the importance of security policies and the security awareness and education framework. That's just a small sampling of the many topics covered in this course.
These topics, combined with the information you learn in our other CISSP courses, will help you pass the CISSP exam and also provide a critical foundation for your career in information security. In addition to using this course and the companion books to prepare for the exam, I encourage you to visit my website at certmike.com and sign up for my free CISSP study group. I'll send you weekly emails guiding you through the exam preparation process and offering you test-taking tips to get ready for the exam.