Page 137 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 137

Chapter 2

               Personnel Security and Risk Management

               Concepts


               THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER

               INCLUDE:

                      Domain 1: Security and Risk Management

                        1.8 Contribute to and enforce personnel security policies and
                        procedures

                             1.8.1 Candidate screening and hiring

                             1.8.2 Employment agreements and policies

                             1.8.3 Onboarding and termination processes

                             1.8.4 Vendor, consultant, and contractor agreements and
                             controls


                             1.8.5 Compliance policy requirements

                             1.8.6 Privacy policy requirements

                        1.9 Understand and apply risk management concepts

                             1.9.1 Identify threats and vulnerabilities

                             1.9.2 Risk assessment/analysis

                             1.9.3 Risk response

                             1.9.4 Countermeasure selection and implementation

                             1.9.5 Applicable types of controls (e.g., preventive, detective,
                             corrective)

                             1.9.6 Security Control Assessment (SCA)


                             1.9.7 Monitoring and measurement

                             1.9.8 Asset valuation

                             1.9.9 Reporting
   132   133   134   135   136   137   138   139   140   141   142