Page 138 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
1.9.10 Continuous improvement
1.9.11 Risk frameworks
1.12 Establish and maintain a security awareness, education, and training program
1.12.1 Methods and techniques to present awareness and training
1.12.2 Periodic content reviews
1.12.3 Program effectiveness evaluation
Domain 6: Security Assessment and Testing
6.3.5 Training and awareness
The Security and Risk Management domain of the Common Body of Knowledge (CBK) for the CISSP certification exam deals with many of the foundational elements of security solutions. These include elements essential to the design, implementation, and administration of security mechanisms. Additional elements of this domain are discussed in various chapters: Chapter 1, “Security Governance Through Principles and Policies”; Chapter 3, “Business Continuity Planning”; and Chapter 4, “Laws, Regulations, and Compliance.” Please be sure to review all of these chapters to have a complete perspective on the topics of this domain.

Because of the complexity and importance of hardware and software controls, security management for employees is often overlooked in overall security planning. This chapter explores the human side of security, from establishing secure hiring practices and job descriptions to developing an employee infrastructure. Additionally, we look at how employee training, management, and termination practices are considered an integral part of creating a secure environment. Finally,

