Course

Skills Expanded

CISSP® - Security and Risk Management

ISC(2)'s CISSP examination is one of the most highly valued certifications in the information security profession. Take the first step towards gaining the knowledge needed to tackle the first domain of the CISSP.

Preview this course

What you'll learn

If you are looking to begin your journey towards the highly respected CISSP credential, then you have come to the right place! This course covers a broad range of topics listed in ISC2's Certified Information System Security Professional (CISSP) Common Body of Knowledge (CBK) - Security and Risk Management domain. In this course, you will learn the foundations of security and risk management, including topics such as cyber crime, legal and regulatory concerns, threat modeling, and much, much more. When you are finished with this course, you will have a good security and risk management foundation that will provide you with the context and knowledge needed to be successful in the information security profession.

Course Overview

1min

Course Overview 2m

Introduction

5mins

Introduction 5m

Fundamental Security Principles

35mins

Introduction 2m
Security and Risk Management Fundamentals 3m
Balancing Business and Security 2m
The CIA Triad 9m
Accountability and Assurance 5m
Control Types 3m
Delaying, Preventing, or Detecting Attacks 5m
Due Care and Due Diligence 2m
Ethics 3m
Conclusion 1m

Legal and Regulatory

13mins

Introduction 1m
Legal Systems 1m
Criminal and Civil Law 3m
Administrative Law 3m
Important Laws 5m
Summary 1m

Computer Crime

20mins

Introduction 1m
Computers Can Be Used for EVIL 2m
Some Hack Just Because They Can 3m
It's All About the Money 3m
Spies Are Real 2m
Payback and Government Hackers 3m
Theft, Vandalism, and Trespass 2m
Fraud, Spam, and Slander 3m
Conclusion 2m

Intellectual Property

6mins

Introduction 1m
Patents 2m
Trademarks and Trade Secrets 1m
Copyrights 1m
Summary 0m

Privacy

16mins

Introduction 1m
Privacy Matters 5m
Privacy Law Examples 9m
Conclusion 1m

Licensing

15mins

Introduction 1m
Reasons for Licensing 2m
License Types 1m
Open Versus Closed Source Licensing 2m
Commercial Versus Non-commercial Licensing 3m
End User License Agreements 1m
Free Software 2m
Demo and Trial Licenses 1m
Shareware 1m
Academic Software Licensing 1m
Summary 1m

Trans-border Data Flow

8mins

Introduction 1m
Trans-border Data Flow 4m
Import and Export Controls 2m
Summary 1m

Security Awareness

15mins

Introduction 1m
Develop a Culture of Security Awareness 5m
Types of Security Awareness 2m
Expected Impact of Training 2m
Awareness Validation 4m
Summary 1m

Aligning Security to the Organization

16mins

Introduction 1m
Governance 1m
Roles and Responsibilities 7m
Organizational Objectives 2m
Security Goals 3m
Security Mission 2m
Conclusion 1m

Creating Policies, Procedures, Guidelines, and Baselines

19mins

Introduction 1m
Security Frameworks Introduction 4m
Effective Policies and Procedures 3m
Policy Sections 3m
Procedures 3m
Guidelines 1m
Baselines 2m
Summary 1m

Continuity Planning and Disaster Recovery

11mins

Introduction 1m
Business Continuity Process 1m
Conducting a Business Impact Analysis 1m
Disaster Recovery Planning vs. Business Continuity Planning 2m
Testing Your Plans 2m
Disaster Events 1m
Recovering from Disaster 1m
Disaster Recovery Controls 2m
Conclusion 1m

Threat Modeling

14mins

Introduction 1m
Threat Modeling Overview 2m
Threat Modeling Focus 2m
Threat Model - Scoping 1m
Reviewing the Architecture 1m
Decomposing 1m
Threat Identification using STRIDE 2m
Defining and Documenting Countermeasures 1m
Prioritization 1m
Summary 1m

Risk Assessment Concepts

16mins

Introduction 1m
Threats 2m
Threat Source 2m
Vulnerabilities 1m
Risk 0m
Risk Assessments 2m
Risk Assessment Methodologies 2m
Real World Threats and Vulnerabilities 2m
Assessment Approach 1m
Analysis Approach 1m
Risk Acceptance and Assignment 1m
Common Calculations 1m
Conclusion 1m

Countermeasure Selection Process

15mins

Introduction 2m
What Is a Countermeasure? 2m
Control Variations 1m
Control Types 3m
Control Considerations 2m
Assessing Control Strength 2m
Countermeasure Assurance 1m
Example Countermeasures 3m
Conclusion 1m

Frameworks

13mins

Introduction 2m
Risk Management Framework 1m
Leveraging Frameworks 1m
NIST Risk Management Framework RMF 5m
FAIR 2m
OCTAVE Allegro 1m
Summary 1m

About the author

Lee Allen

With over two decades of experience in the security industry, Lee is a seasoned professional with a proven track record of delivering top-notch security services to a diverse range of organizations. From Internet Service Providers and computer manufacturers to global pharmaceutical companies, public universities, and a major bank, Lee has worked with some of the biggest names in the industry. With experience as a leader of the penetration testing team at a large bank, Lee has developed deep expe... more

See more courses by Lee Allen

Ready to upskill? Get started

Contact Sales

CISSP® - Security and Risk Management

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

CISSP® - Security and Risk Management

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?