
Security and Risk Management

Core CISSP concepts, CIA triad, risk management, governance, policies, compliance, ethics, and residual risk handling.

Security and Risk Management is the foundation of the CISSP certification. This domain covers governance, risk analysis, compliance, and security policies. You will learn how to identify risks, apply controls, and manage security at an organizational level.


Available questions: 128

What you will learn in this topic

This topic is part of the CISSP path. This page helps you understand what this topic covers, which concepts matter most, and why practicing with a focused quiz can improve your exam preparation.

The quiz on Security and Risk Management helps you focus on definitions, practical scenarios, recurring concepts, and the kind of knowledge that often appears during certification study and review.

Why this topic matters

Studying Security and Risk Management properly is important because it strengthens your overall understanding of the CISSP certification. Good topic-level preparation makes it easier to answer both theoretical and practical questions with more confidence and speed.

Training one topic at a time also helps you identify weak points, review more efficiently, and build a more structured preparation path before moving to mixed quizzes or full exam simulations.

What is Security and Risk Management

This domain focuses on managing security at a strategic level. It includes governance, compliance, risk management and the creation of security policies.

Risk Management

Risk management involves identifying, analyzing, and reducing risks. Organizations evaluate threats, vulnerabilities, and potential impact to decide how to mitigate risks effectively and how to handle the residual risk that remains after controls are applied.

Security Policies

Policies define rules and expectations for protecting information. They guide employees and ensure consistency across the organization.

Compliance and Regulations

Organizations must comply with applicable laws and standards, such as GDPR, ISO 27001, or the NIST frameworks. Compliance ensures that security practices are aligned with legal and regulatory requirements.

Ethics and Governance

Security professionals must follow ethical principles and governance frameworks to ensure responsible management of information security.
