This course covers Domain 3 of the Certified Information Systems Security Professional (CISSP) exam. It explains what you need to know about identifying an organization's information assets, as well as the development, documentation, and implementation of appropriate policies, standards, procedures, and guidelines. It also covers how data classification, risk assessment, and risk analysis are used to identify threats, classify assets, and rate their vulnerabilities so that effective security controls can be implemented.
Objectives:
After completing this course, students will be able to:
- Understand the principles of security management
- Understand risk management and how to use risk analysis to make information security management decisions
- Set information security roles and responsibilities throughout your organization
- Understand the considerations and criteria for classifying data
- Determine how employment policies and practices are used to enhance information security in your organization
- Use change control to maintain security
Topics:
- Defining security principles
- Identification and authentication
- Accountability and auditing
- Security management planning
- Risk management and analysis
- Risk analysis step by step
- Policies, standards, guidelines, and procedures
- Examining roles and responsibility
- Understanding protection mechanisms
- Classifying data
- Employment policies and practices
- Managing change control
- Security awareness training