CISSP Domain – Information Security Governance and Risk Management

This course is included in our On-demand training solution.


Information Security Governance and Risk Management is an all-encompassing domain that the information security professional must constantly be aware of. This course examines the frameworks and planning structures used to make sure that information assets are protected within an organization. It also examines governance, organizational structures and cultures, and the awareness training that should be imparted to employees at all levels. The course guides you through the Common Body of Knowledge (CBK) recommended by the International Information Systems Security Certification Consortium (ISC2) for its Certified Information Systems Security Professional (CISSP) certification. The CISSP credential certifies a candidate's expertise in ten different knowledge domains.

Target Audience

Mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs, or Senior Security Engineers


Expected Duration

150 min.

Course Objectives

Information Security Management Governance

  • recognize responsibilities related to information security risk management
  • match information security principles with examples of controls used to apply them
  • match the components of a policy framework with their corresponding descriptions

Security Control and Risk Assessment Methodologies

  • identify methodological frameworks for implementing and auditing security controls
  • identify methodological frameworks for performing information security risk assessment

Risk Management and Risk Assessment

  • distinguish between the results of qualitative and quantitative risk assessments
  • match stages of the risk assessment process with corresponding descriptions
  • label examples of actions taken by a company in response to a risk as either avoidance, transfer, mitigation, or acceptance

Practicing Risk Management Concepts

Reporting Models and the ISO

  • identify responsibilities of an Information Security Officer
  • recognize the advantages and disadvantages of various reporting models

Personnel Security

  • recognize how various personnel security strategies work to minimize employee risk

Awareness Training

  • recognize strategies for implementing information security training

Information Security Ethics

  • recognize the topics a computer ethics program should address
  • match common computer ethics fallacies to the corresponding correct views
  • recognize the ethical principles that all information security professionals should apply as they do their jobs

Practicing Secure Behavior within the Organization