ABSTRACT
The “Security and Risk Management” domain of the Certified Information Systems Security Professional (CISSP)® Common Body of Knowledge (CBK)® addresses the framework and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets and to assess the effectiveness of that protection. It includes issues of governance, organizational behavior, and security awareness.
