CISSP Cert Prep (2021): 1 Security and Risk Management
2h 53mAdvanced2022-11-10
Authors

Mike Chapple
Teaching Professor at the University of Notre Dame
Course details
Learn about information security and risk management practices needed to complete the first domain of the 2021 Certified Information Systems Security Professional (CISSP) exam. CISSP is the industry's gold standard certification, necessary for many mid- and senior-level positions. This course includes coverage of key exam topics from the Security and Risk Management domain: security governance, compliance and policy issues, personnel security, threat modeling, and vendor management. Author Mike Chapple also covers the trifecta of information confidentiality, integrity, and availability. He reviews business continuity and risk management strategies, and highlights the importance of ongoing security awareness and education in any organization.
Skills covered
Vulnerability ManagementNetwork SecurityCybersecurityCert Prep
Concepts
0. Introduction
- 01 - Security and risk management
- 02 - What you need to know
- 03 - Study resources
1. Security Fundamentals
- 04 - The goals of information security
- 05 - Confidentiality
- 06 - Integrity
- 07 - Availability
2. Security Governance
- 08 - Aligning security with the business
- 09 - Organizational processes
- 10 - Security roles and responsibilities
- 11 - Control frameworks
3. Compliance and Ethics
- 12 - Legal and compliance risks
- 13 - Data privacy
- 14 - Computer crimes
- 15 - Software licensing
- 16 - Intellectual property
- 17 - Import and export controls
- 18 - Data breaches
- 19 - Ethics
4. Security Policy
- 20 - Security policy framework
- 21 - Security policies
5. Business Continuity
- 22 - Business continuity planning
- 23 - Business continuity controls
- 24 - High availability and fault tolerance
6. Personnel Security
- 25 - Personnel security
- 26 - Security in the hiring process
- 27 - Employee termination process
- 28 - Employee privacy
- 29 - Social networking
- 30 - Conducting investigations
7. Risk Management
- 31 - Risk assessment
- 32 - Quantitative risk assessment
- 33 - Risk management
- 34 - Security control selection and implementation
- 35 - Ongoing risk management
- 36 - Risk management frameworks
- 37 - Risk visibility and reporting
8. Threat Modeling
- 38 - Threat intelligence
- 39 - Intelligence sharing
- 40 - Identifying threats
- 41 - Threat hunting
9. Supply Chain Risk Management
- 42 - Managing vendor relationships
- 43 - Vendor agreements
- 44 - Vendor information management
- 45 - Vendor audits and assessments
- 46 - Cloud audits
- 47 - Security service providers
10. Awareness and Training
- 48 - Security awareness training
- 49 - Compliance training
- 50 - User habits
- 51 - Measuring compliance and security posture
Conclusion
- 52 - Continuing your studies
Related courses
- CISSP Cert Prep (2021): 6 Security Assessment and Testing
- CISSP Cert Prep (2021): 7 Security Operations
- CISSP Cert Prep (2021): The Basics
- CISSP Cert Prep (2021): 2 Asset Security
- CISSP Cert Prep (2021): 3 Security Architecture and Engineering
- CISSP Cert Prep (2021): 4 Communication and Network Security
- CISSP Cert Prep (2021): 8 Software Development Security
- CISSP Cert Prep (2021): 5 Identity and Access Management