Domain 1: Security and Risk Management

CISSP · this domain is approximately 16.0% of the exam · 0 practice questions.

Security and Risk Management is the largest domain in the CISSP exam, covering the foundational principles of information security governance, risk analysis, legal and regulatory compliance, and security policy development. It encompasses concepts such as threat modeling, risk treatment options (accept, transfer, mitigate, avoid), business continuity planning, and professional ethics under the (ISC)2 Code of Ethics. This domain establishes the strategic and managerial mindset that CISSP candidates must demonstrate, reflecting the expectation that a CISSP operates at a leadership level rather than a purely technical one.
