Domain One
All organizations must develop their security posture. Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. Elements of the security and risk management domain that impact an organization's security posture include:
- Security goals and objectives
- Risk mitigation processes
- Compliance
- Business continuity plans
- Legal regulations
- Professional and organizational ethics
Information security, or InfoSec, is also related to this domain and refers to a set of processes established to secure information. An organization may use playbooks and implement training as a part of their security and risk management program, based on their needs and perceived risk. There are many InfoSec design processes, such as:
- Incident response
- Vulnerability management
- Application security
- Cloud security
- Infrastructure security
As an example, a security team may need to alter how personally identifiable information (PII) is treated in order to adhere to the European Union's General Data Protection Regulation (GDPR).