CISSP 2013 Domain: Information Security Governance and Risk Management


Information Security Governance and Risk Management is an all-encompassing domain that the information security professional must be constantly aware of. This course examines the frameworks and planning structures used to ensure that information assets are protected within an organization. It also examines governance, organizational structures and cultures, and the awareness training that should be provided to employees at all levels. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies expertise in ten knowledge domains and covers the most recent key areas of knowledge as outlined in the Candidate Information Bulletin (CIB), effective date: January 1, 2012.

Target Audience
Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers

Expected Duration (hours)

Lesson Objectives

CISSP 2013 Domain: Information Security Governance and Risk Management

  • recognize responsibilities related to information security risk management
  • match information security principles with examples of controls used to apply them
  • match the components of a policy framework with their corresponding descriptions
  • identify methodological frameworks for implementing and auditing security controls
  • identify methodological frameworks for performing information security risk assessment
  • distinguish between the results of qualitative and quantitative risk assessments
  • match stages of the risk assessment process with corresponding descriptions
  • label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance
  • recognize the appropriate application of risk management concepts
  • distinguish between risk assessment and control methodologies
  • identify responsibilities of an Information Security Officer
  • recognize the advantages and disadvantages of various reporting models
  • recognize how various personnel security strategies work to minimize employee risk
  • recognize strategies for implementing information security training
  • recognize the topics a computer ethics program should address
  • match common computer ethics fallacies to the corresponding correct views
  • recognize the ethical principles that all information security professionals should apply as they do their jobs
  • recognize how to handle organizational issues
  • recognize appropriate actions to implement security awareness training in your organization
  • recognize ethical principles that all information security professionals must apply

Course Number: