CISSP Cert Prep: 1 Security and Risk Management (Feb. 2018) Part 2
Learn about information security and risk management practices needed to complete the first domain of the 2018 Certified Information Systems Security Professional (CISSP) exam. CISSP is the industry's gold standard certification, necessary for many mid- and senior-level positions. This course includes coverage of key exam topics from the Security and Risk Management domain: security governance, compliance and policy issues, personnel security, threat modeling, and vendor management. Author Mike Chapple also covers the trifecta of information confidentiality, integrity, and availability. He reviews business continuity and risk management strategies, and highlights the importance of ongoing security awareness and education in any organization.
7. Threat Modeling
Topics include:
Aligning security with the business
Using control frameworks
Understanding compliance ethics
Implementing effective security policies
Planning for business continuity
Ensuring the security of employees
Managing risk
Identifying threats
Managing vendors
Building security awareness
Conducting security training
8. Vendor Management
39. Managing vendor relationships
40. Vendor agreements
41. Vendor information management
42. Third-party security services

9. Awareness and Training
43. Security policy training and procedures
44. Compliance training
45. User habits
46. User-based threats
47. Measuring compliance and security posture
48. Awareness program reviews

Conclusion
49. Next steps