CISSP Domain 1: Cybersecurity and risk management

Last updated:July 2017

Editor's note

Ancient Greek philosopher Heraclitus wisely posited that change is the only constant in life. Although his words are about 2,500 years old, the concept remains fresh and familiar for anyone who works in information security, particularly in the areas of governance, risk management and compliance (GRC).

Infosec pros must not only keep up with rapidly emerging and escalating threats, but they must also ensure that enterprise data and systems meet continually evolving privacy requirements imposed by governmental and regulatory bodies. Understanding information security management principles is the first step to confronting these challenges.

In this Security School, based on (ISC)² CISSP training material on Domain 1 of the exam, learn about important GRC requirements and concepts, as well as top-down and bottom-up approaches that infosec pros can use to effectively apply information security management principles in the enterprise. In his tip and video, expert Adam Gordon shows how the path to an effective GRC strategy is paved with proficiency in privacy, data integrity and compliance needs. Complex and overlapping demands are best understood and addressed when information security teams and business leaders work in partnership, he explains.

Once you've reviewed the parts of this Security School on governance, risk management and compliance, take the quiz to see how much you have learned about information security management principles, priorities and tactics.  

View our Security School Course Catalog to view more schools.

CISSP® is a registered mark of (ISC)².

1Dive into information security management principles and strategies

The lack of an effective GRC strategy can have devastating consequences for an enterprise, ranging from heavy fines to legal actions to operational failures. The following lessons of this Security School explore information security management principles that can help avoid these worst-case scenarios.

Enterprise Desktop
Cloud Computing