The CISSP domains are derived from a wide range of information security topics defined in the _(ISC)² Common Body of Knowledge (CBK)_.
This domain is one of the most important in the exam, accounting for approximately 15% of the total CISSP content. It provides the foundational knowledge required to understand how security is governed, managed, and applied in real-world environments.
The course covers the overall scope of this domain through 13 key modules, each focusing on critical aspects of security and risk management.
Key Learning Objectives
By the end of this domain, you will be able to:
- Understand, adhere to, and promote professional ethics
- Understand and apply core security concepts, including the CIA triad (confidentiality, integrity, availability)
- Evaluate and apply security governance principles
- Determine privacy compliance and regulatory requirements
- Understand legal and regulatory issues related to information security
- Understand requirements for different investigation types
- Develop, document, and implement:
  - Security policies
  - Standards
  - Procedures
  - Guidelines
Risk, Continuity, and Security Management
This domain also places heavy emphasis on risk management and day-to-day security practice. You will learn how to:
- Identify, analyze, and prioritize business continuity requirements
- Contribute to and enforce personnel security policies and procedures
- Understand and apply risk management concepts
- Understand and apply threat modeling methodologies
Advanced Security Practices
In addition, the course introduces more advanced and practical areas of security:
- Apply supply chain risk management concepts
- Establish and maintain a security awareness, education, and training program
Getting Started
This domain sets the foundation for all other CISSP domains. It builds the mindset required for making security decisions that align with organizational goals, legal requirements, and ethical standards.
Now, let’s get started with Domain 1: Security and Risk Management.