Chapter 6
Information Security Governance and Risk Management
In This Chapter
Understanding security governance, data classification, and risk management concepts
Knowing your missions, goals, and objectives
Practicing security policies, standards, guidelines, and procedures
Taking stock of information security management practices
Identifying security education, training, and awareness needs and opportunities
The Information Security Governance and Risk Management domain introduces many important concepts and overlaps with several other domains. Fortunately, it’s not an extremely technical domain, and the concepts that we discuss in this chapter are fairly straightforward and easy to understand.