1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Evaluate and apply security governance principles

• Alignment of security function to business strategy, goals, mission, and objectives

• Organizational processes (e.g., acquisitions, divestitures, governance

• committees)

• Organizational roles and responsibilities

• Security control frameworks

• Due care/due diligence

1.3 Determine compliance requirements

• Contractual, legal, industry standards, and regulatory requirements

• Privacy requirements

1.4 Understand legal and regulatory issues that pertain to information security

in a global context

• Cyber crimes and data breaches

• Trans-border data flow

• Licensing and intellectual property

• requirements

• Privacy

• Import/export controls

1.5 Understand, adhere to, and promote professional ethics

(ISC)² Code of Professional Ethics

• Organizational code of ethics

1.6 Develop, document, and implement security policy, standards, procedures, and guidelines

1.7 Identify, analyze, and prioritize Business Continuity (BC) requirements

• Develop and document scope and plan

• Business Impact Analysis (BIA)

The CISSP® Online Training is a comprehensive program that covers the eight domains of the CISSP Common Body of Knowledge (CBK). The curriculum is designed to provide professionals with the knowledge and skills necessary to identify, assess, and mitigate security risks and vulnerabilities across a wide range of systems and technologies. The program consists of the following topics:

• Identify and classify information and assets

• Determine and maintain ownership of assets

• Protect privacy and ensure appropriate retention

• Conduct asset management throughout the information lifecycle

• Implement and manage engineering processes using secure design principles

• Understand security models and their use

• Evaluate and apply security controls

• Understand the security capabilities of information systems and components

• Understand and apply secure network architecture principles

• Understand and implement secure communication channels

• Understand and apply network security technologies and devices

• Implement and maintain secure network components

• Control access to information assets

• Understand and apply identity management principles

• Understand and implement physical and logical access controls

• Understand and implement identity and access provisioning lifecycle

• Understand and apply security assessment and testing processes

• Understand and apply security control testing

• Understand and apply security monitoring