Information Security Governance and Risk Management

INTRODUCTION

Hello and welcome to Lesson 1 of the CISSP Certification Course by SimpliLearn! This lesson covers Information Security Governance and Risk Management, which is one of the ten domains of the Common Body of Knowledge (CBK) for the CISSP exam.

As security professionals, our job is to evaluate risks against our critical assets and deploy safeguards to mitigate them. CISSP online training offered by Simplilearn equips professionals with all the necessary skill sets. We work in various roles as firewall engineers, penetration testers, auditors, management and the like. The common thread is risk: it is part of our job description.

Information Security Governance and Risk Management involves the identification of an organization’s information assets and the development, documentation, and implementation of policies, standards, procedures and guidelines that ensure confidentiality, integrity, and availability.

Management tools such as data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented.

Risk management is the identification, measurement, control, and minimization of loss associated with uncertain events or risks. It includes overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit analysis, management decision, safeguard implementation, and effectiveness review.

In short, this domain focuses on risk analysis and mitigation. It also details security governance, or the organizational structure required for a successful information security program.

The difference between organizations that are successful and those that fail is usually not tied to dollars or staff size. It is tied to the right people in the right roles. Knowledgeable and experienced information security staff and supportive and vested leadership are the keys to success.

OBJECTIVES

The objective of (ISC)² for this domain is that aspirants of CISSP training are expected to understand the areas of security management concerned with identifying and securing company information. This includes the planning, organization, and roles of individuals in identifying and securing an organization’s information assets.

They are also expected to understand how to create and structure guidelines, standards and procedures in support of information security policy. This covers the development and use of policies stating management’s views and position on particular topics, and the use of guidelines, standards, and procedures to support the policies.

