(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, Mike Chapple
Chapter 2 Personnel Security and Risk Management Concepts
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 1.0: Security and Risk Management
    1.9 Contribute to and enforce personnel security policies and procedures
        1.9.1 Candidate screening and hiring
        1.9.2 Employment agreements and policies
        1.9.3 Onboarding, transfers, and termination processes
        1.9.4 Vendor, consultant, and contractor agreements and controls
        1.9.5 Compliance policy requirements
        1.9.6 Privacy policy requirements
    1.10 Understand and apply risk management concepts
        1.10.1 Identify threats and vulnerabilities
        1.10.2 Risk assessment/analysis
        1.10.3 Risk response
        1.10.4 Countermeasure selection and implementation
        1.10.5 Applicable types of controls (e.g., preventive, detective, corrective)
        1.10.6 Control assessments (security and privacy)
        1.10.7 Monitoring and measurement
        1.10.8 Reporting
        1.10.9 Continuous improvement (e.g., risk maturity modeling)
        1.10.10 Risk frameworks
    1.13 Establish and maintain a security awareness, education, and training program
        1.13.1 Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification)
        1.13.2 Periodic content reviews
        1.13.3 Program effectiveness evaluation
The Security and Risk Management domain of the CISSP certification exam deals with many of the foundational elements of security solutions, such as design, implementation, and administration of security mechanisms. Additional elements of this domain are discussed in various chapters: Chapter 1, “Security Governance Through Principles and Policies”; Chapter 3, “Business Continuity Planning”; and Chapter 4, “Laws, Regulations, and Compliance.” Please be sure to review all of these chapters to have a complete perspective on the topics of this domain.