The Role of Information Security Governance and Risk Management in the CISSP certification

Join Cybrary

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

< Back to Blog Posts

The Role of Information Security Governance and Risk Management in the CISSP certification

Published: June 22, 2015 | By: Rachel Laura M | Views: 2045
save

The Certified Information Systems Security Professional (CISSP) certification is a strong credential to have for professionals who have a mix of both technical and managerial experience as well as competence in designing, engineering and the overall management of security programs. Their knowledge helps protect company’s important and confidential information from the growing threat of cyber attacks. This certification is perfect for security professionals in the following positions:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

The CISSP certification consists of many topics. One of them is Governance and Risk Management; which covers the following:

  • How management views security
  • The structure of the security organization
  • Who the Information Security Officer (ISO) reports to

When studying this particular topic, it is important to realize that security is not just about IT. Information security also centers on what is known as the CIA Triad (not to be confused with the government organization) but rather:

  • Confidentiality: means the data has not been disclosed
  • Integrity: means the data hasn’t been altered
  • Availability: means the data is still there and has not been destroyed

When learning about risk management, one of the first things to learn about is how to assess qualitative risk management vs quantitative risk management. For example, if a system will be down for a certain amount of time, that falls under quantitative risk management whereas qualitative is more subjective and open to individual interpretation. When assessing risk, there are a number of frameworks that can be used:

  • Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
  • Factor Analysis of Information Risk (FAIR)
  • National Institute of Standards and Technology (NIST) Risk Management Framework
  • Threat Agent Risk Assessment (TARA)

When analyzing risk, it is necessary to answer the following questions:

  • What is the value of the information and assets?
  • What are the threats against these assets?
  • What impact will the threat have on the organization?
  • What is the probability that this threat will occur?

Essentially, the topic of Information Security Governance and Risk Management is truly all encompassing and something a security professional must have an awareness of at all times. A CISSP certification examines all the topics a professional in this field must know to do the best job. There are a variety of methods one can take to obtain this certification and avoid the commonly associated huge fees of training, and these include self-guided book study from the Shon Harris All-in-One to our free CISSP training online.

Check out all the free cyber security courses at Cybrary!

< Back to Blog Posts
Enjoy this blog post? Want more Cybytes?
Invite a Friend
and share now
Facebook Twitter Google+ LinkedIn Email
Join Cybrary
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel