Below are some useful links to help you study for the CISSP exam:
That's it for now, if you're reading this because you've registered for the CISSP exam: good luck studying and check back here for more study aids!
In this second lesson we'll cover some basic Risk Management principles and techniques. To begin we'll define Risk:
A Risk is a possible event that, should it occur, may have a negative or positive impact on business objectives.
Note that in this definition a Risk may also have a positive impact. When discussing Risk with positive impact it's usually called Opportunity Management. In essence though, this works the same as Risk Management.
The most important part of Risk management are the last 3 words in the definition. It's all about the business objectives. If you're spending resources on treating risks that you can not relate to business objectives you're basically wasting those resources, keep this in mind with everything you do.Read more: Lesson 2: Core Principles - Risk Management
In our first lesson we'll focus on the core principles of information security. While there is some discussion on perhaps including some other items (which we'll discuss), the basic CIA triad as we'll cover below isn't going anywhere and is at the core of almost every information security activity.Read more: Lesson 1: Core Principles - The CIA Triad
Getting started with Information Security - Lesson 3: Setting up an ISMS, the pragmatic way.