A candidate sitting for the CISSP exam is expected to have broad knowledge and understanding of the following areas in the "Information Security and Risk Management" domain:
Planning, organization, and roles of individuals in identifying and securing an organization's information assets:
Information security is everyone's responsibility. Planning for suitable information security management practices is the first step. The planning process involves understanding the security requirements based on the business itself, and developing a suitable management framework.
The role played by individuals in securing an organization's information assets is vital. The second step is to set up a security organization framework consisting of individuals with specific roles and responsibilities.
Finally, the assets that need protection should be identified, and the level and type of their security requirements determined. Levels are based on confidentiality, integrity, and availability (CIA) requirements, and types are physical...