Overview/Description
To identify the security requirements associated with identifying and protecting organizational information assets, perform the analysis techniques used in risk management, and recognize the responsibilities associated with different roles in an organization; to prepare candidates for one of the ten knowledge domains assessed in (ISC)2's CISSP certification exam
Target Audience
Mid-level and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers
Prerequisites
A minimum of four years of professional experience in the information security field or three years plus a college degree
CISSP: Information Security (replaced by course sp_cssp_a05_it_enus)
recognize the goals of security management and change control.
identify the change control mechanisms used to secure the operational environment.
recognize the objectives and criteria associated with data classification, and distinguish between information classification roles.
distinguish between policies, standards, baselines, and guidelines.
recognize best practices and procedures for dealing with different aspects of employee relations.
determine the appropriate security procedures for hiring a new employee in a given scenario.
identify the principles of risk management, distinguish between planning types, and recognize what's involved in the analysis of different threats and vulnerabilities.
calculate the potential loss expectancy and the cost of countermeasures used for risk reduction in a given scenario.
calculate the loss expectancy associated with an information asset, perform a cost-benefit analysis, and determine how to handle the risk depending on the outcome of the countermeasure.
identify the security-related responsibilities associated with different roles within an organization.