Security-Management Practices

Table of contents:


This chapter helps the reader prepare for the security-management domain. Security management addresses the identification of the organization's information assets. The security-management domain also introduces some critical documents, such as policies, procedures, and guidelines. These documents are of great importance because they spell out how the organization manages its security practices and details what is most important to the organization.

These documents are not developed in a void. Senior management helps point out the general direction, and risk-assessment and risk-analysis activities are used to determine where protective mechanisms should be placed. This chapter also introduces the two ways to calculate risk: qualitatively and quantitatively.

Finally, it's important to not forget the employees. Employees need to be trained on what good security is and what they can do to ensure that good security is always practiced in the workplace. The goal here, as in other domains, is to ensure confidentiality, integrity, and availability of the organization's assets and information. This chapter divides security-management practices into five broad categories:

  • Risk assessment
  • Policy
  • Implementation
  • Training and education
  • Auditing the security infrastructure

Before we jump into these topics and look at the ways in which informational assets are protected, let's talk briefly about the risks of poor security management and the role of confidentiality, integrity, and availability.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author


We Want to Hear from You!



The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics


Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2

CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg © 2008-2020.
If you may any questions please contact us: