CISSP Domain 1: Security and Risk Management

The first domain according to the CISSP exam outline I am approaching during my CISSP exam preparation study is called ‘Security and Risk Management”. 

My initial thoughts on this chapter: ‘Ufff, It sounds a too boring, I am actually rather interested into some techie stuff and Keep my hands engaged in configuration, troubleshooting’. But in reality, It turns out that chapter is written very nicely and systemically. It contains nice explanation about Important security concepts. This builds the framework for other chapters and respective domains. Also, Domain 1 consists of First 4 chapters of CISSP official study guide.

Let’s dig deeper into some of the sub topics in this domain. With each Sub-topic, I have also added the appropriate Hyperlink for its respective Blog.

1. Understand and Apply concepts of CIA
   1. Summary of CIA Triad
   2. IAAAA
   3. Protection Mechanism
2. Evaluate and Apply Security Governance
   1. Enterprise Governance … Its need
   2. Enterprise Architecture & Security Framework
   3. Security Control Documentation
   4. Organizational Goals/Mission
   5. Organizational Roles/Responsibility
   6. Due Care vs Due Diligence
   7. Organizational Process – Data Classification
3. Asset
4. Threat Modeling
   1. STRIDE Model
5. Risk Management
   1. Risk Management Framework – NIST
   2. Risk Assessment/Analysis
      1. Quantitative Methodology
      2. Qualitative Methodology
   3. Selection of Countermeasure
6. Business Continuity Planning
7. Personnel Security
8. Laws, Regulations and Compliance
   1. Computer Crimes Law
   2. Intellectual Property Law
   3. Software Licensing & Import/Export Law
   4. Privacy Law

Please Note: We will keep on updating this List as progressed to subsequent chapters.