CISSP Domain 1 & 2 Full Review | Security & Asset Security
Comprehensive review of CISSP Domains 1 & 2: Security & Risk Management, Asset Security. Perfect for exam prep!

CyberPlatter
3.0K views • Dec 29, 2025

About this video
CISSP Domain 2 Full Review | Asset Security: https://youtu.be/NgMsnV4HyE4
Welcome to CyberPlatter! I'm Navya, and this video begins a step-by-step CISSP review series created to help you understand core security concepts, focus on exam-relevant topics, and build a strong foundation for the CISSP certification exam.
In this video, we cover CISSP Domain 1 - Security and Risk Management.
Domain 1: Security and Risk Management
1.1 - Understand, adhere to, and promote professional ethics
ISC2 Code of Professional Ethics
Organizational code of ethics
1.2 - Understand and apply security concepts
Confidentiality, integrity, availability, authenticity, and nonrepudiation (the 5 Pillars of Information Security)
1.3 - Evaluate and apply security governance principles
Alignment of the security function to business strategy, goals, mission, and objectives
Organizational processes (e.g., acquisitions, divestitures, governance committees)
Organizational roles and responsibilities
Security control frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI), Federal Risk and Authorization Management Program (FedRAMP))
Due care/due diligence
1.4 - Understand legal, regulatory, and compliance issues that pertain to information security in a holistic context
Cybercrimes and data breaches
Licensing and Intellectual Property requirements
Import/export controls
Transborder data flow
Issues related to privacy (e.g., General Data Protection Regulation (GDPR), California Consumer Privacy Act, Personal Information Protection Law, Protection of Personal Information Act)
Contractual, legal, industry standards, and regulatory requirements
1.5 - Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.6 - Develop, document, and implement security policy, standards, procedures, and guidelines
1.7 - Identify, analyze, assess, prioritize, and implement Business Continuity (BC) requirements
Business impact analysis (BIA)
External dependencies
1.8 - Contribute to and enforce personnel security policies and procedures
Candidate screening and hiring
Employment agreements and policy driven requirements
Onboarding, transfers, and termination processes
Vendor, consultant, and contractor agreements and controls
1.9 - Understand and apply risk management concepts
Threat and vulnerability identification
Risk analysis, assessment, and scope
Risk response and treatment (e.g., cybersecurity insurance)
Applicable types of controls (e.g., preventive, detection, corrective)
Control assessments (e.g., security and privacy)
Continuous monitoring and measurement
Reporting (e.g., internal, external)
Continuous improvement (e.g., risk maturity modeling)
Risk frameworks (e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Sherwood Applied Business Security Architecture (SABSA), Payment Card Industry (PCI))
1.10 - Understand and apply threat modeling concepts and methodologies
1.11 - Apply Supply Chain Risk Management (SCRM) concepts
Risks associated with the acquisition of products and services from suppliers and providers (e.g., product tampering, counterfeits, implants)
Risk mitigations (e.g., third-party assessment and monitoring, minimum security requirements, service level requirements, silicon root of trust, physically unclonable function, software bill of materials)
1.12 - Establish and maintain a security awareness, education, and training program
Methods and techniques to increase awareness and training (e.g., social engineering, phishing, security champions, gamification)
Periodic content reviews to include emerging technologies and trends (e.g., cryptocurrency, artificial intelligence (AI), blockchain)
Program effectiveness evaluation
#CISSP #CISSPDomain1 #SecurityAndRiskManagement #CISSPFullReview #CISSPTutorial #CISSP #CISSPExam #CISSPPrep #CISSPDomain1 #CISSPStudy #CISSPCertification #ISC2 #SecurityAndRiskManagement #CISSPExamPreparation #ISC2CISSP #Cybersecurity #InformationSecurity #CyberPlatter #isc2cissp #cisspexam #cissp
Video Information
Views: 3.0K
Likes: 76
Duration: 02:48:13
Published: Dec 29, 2025
User Reviews: 4.5 (3)