CISSP Certification Exam Outline
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
» Business Impact Analysis (BIA)
» Develop and document the scope and the plan
1.9 Contribute to and enforce personnel security policies and procedures
» Candidate screening and hiring
» Employment agreements and policies
» Onboarding, transfers, and termination processes
» Vendor, consultant, and contractor agreements and controls
» Compliance policy requirements
» Privacy policy requirements
1.10 Understand and apply risk management concepts
» Identify threats and vulnerabilities
» Risk assessment/analysis
» Risk response
» Countermeasure selection and implementation
» Applicable types of controls (e.g., preventive, detective, corrective)
» Control assessments (security and privacy)
» Monitoring and measurement
» Reporting
» Continuous improvement (e.g., Risk maturity modeling)
» Risk frameworks
1.11 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts
» Risks associated with hardware, software, and services
» Third-party assessment and monitoring
» Minimum security requirements
» Service level requirements
1.13 Establish and maintain a security awareness, education, and training program
» Methods and techniques to present awareness and training (e.g., social engineering, phishing, security champions, gamification)
» Periodic content reviews
» Program effectiveness evaluation