The domain is also known as Security Management Practices -- all the crux of CISSP can be found in this very domain. Security Management Practices starts with the basics of information security. It describes to us what the terms threat, vulnerability, risk, exposure, confidentiality, integrity, availability etc. mean. The domain tells us what is the risk management process, how to carry out risk analysis and risk treatment. The domain gives us an overview to understand what policies, standards, guidelines, procedures and roles associated with information assets are all about. The domain emphasizes that security is management concern and not the IT concern.
No comments:
Post a Comment