CISSP Domain 1: Cybersecurity and risk management

Last updated: July 2017

Editor's note

Ancient Greek philosopher Heraclitus wisely posited that change is the only constant in life. Although his words are about 2,500 years old, the concept remains fresh and familiar for anyone who works in information security, particularly in the areas of governance, risk management and compliance (GRC).

Infosec pros must not only keep up with rapidly emerging and escalating threats, but they must also ensure that enterprise data and systems meet continually evolving privacy requirements imposed by governmental and regulatory bodies. Understanding information security management principles is the first step to confronting these challenges.

In this Security School, based on (ISC)² CISSP training material on Domain 1 of the exam, learn about important GRC requirements and concepts, as well as top-down and bottom-up approaches that infosec pros can use to effectively apply information security management principles in the enterprise. In his tip and video, expert Adam Gordon shows how the path to an effective GRC strategy is paved with proficiency in privacy, data integrity and compliance needs. Complex and overlapping demands are best understood and addressed when information security teams and business leaders work in partnership, he explains.

Once you've reviewed the parts of this Security School on governance, risk management and compliance, take the quiz to see how much you have learned about information security management principles, priorities and tactics.  


CISSP® is a registered mark of (ISC)².

1. Dive into information security management principles and strategies

The lack of an effective GRC strategy can have devastating consequences for an enterprise, ranging from heavy fines to legal actions to operational failures. The following lessons of this Security School explore information security management principles that can help avoid these worst-case scenarios.
