CISSP Study Plan: Day 1 (Domain 1 - Security and Risk Management)

1. Learning Target Preview (5-10 minutes)
  • Define the concepts of confidentiality, integrity, and availability (CIA Triad).
  • Understand governance principles, security policies, and professional ethics.
  • Outline the risk management process: identification, assessment, mitigation, and monitoring.
  • Recognize compliance requirements and legal issues (regulations, standards, investigations).

2. Audiobook Listening (Time varies)
  • Listen to Chapter 1: Introduction to Security and Risk Management.
  • Continue through Chapter 2: Governance and Compliance Practices.
  • Stop at the end of Section 2.3 (domain-specific examples).
  • Take brief notes on key definitions and frameworks.

3. 30-Minute Drill

Define and list the following key terms:

  • Confidentiality: Ensuring information is accessible only to authorized parties.
  • Integrity: Safeguarding the accuracy and completeness of information.
  • Availability: Ensuring reliable access to information and resources when needed.
  • Asset: Any data, device, or component of the environment that supports information-related activities.
  • Threat: Potential cause of an unwanted incident, which may result in harm to a system or organization.
  • Vulnerability: A weakness in a system that a threat source can exploit.
  • Risk: The potential for loss or damage when a threat exploits a vulnerability.
  • Control (Countermeasure): A safeguard implemented to reduce risk by lowering its likelihood or impact.
  • Likelihood: Probability that a given threat will exploit a vulnerability.
  • Impact: The magnitude of harm that can be expected from a threat exploiting a vulnerability.
  • Governance: The set of responsibilities and practices exercised by management to provide strategic direction and ensure objectives are achieved.
  • Compliance: Conforming to stated requirements (laws, regulations, policies, standards).

Complete the following sentences:

  1. The primary goal of __________ is to ensure information is only seen by authorized users.
  2. A __________ is any weakness that could be exploited by a threat.
  3. _______ management involves identifying, assessing, and mitigating potential harms.
  4. Compliance requires aligning with __________ and __________.

Answer these flashcard-style questions:

  • What are the three pillars of the CIA Triad?
  • Distinguish a threat from a vulnerability.
  • Name two types of governance frameworks.

Teach one of the following concepts out loud as if instructing a peer:

  • Risk assessment process.
  • The role of controls in risk mitigation.
  • Difference between governance and compliance.

4. Scenario Challenge Set (15 minutes)
  1. You're the security manager at a small firm. A new regulation requires quarterly risk assessments. Outline your process.
  2. An executive requests access to sensitive data for an unauthorized purpose. Describe your ethical and policy-based response.
  3. A vulnerability is discovered in a critical system. Using risk management principles, prioritize and recommend mitigation steps.

5. Concept Summary (15 minutes)

Write a concise summary (250–300 words) covering the key concepts you studied today, including:

  • CIA Triad definitions and examples.
  • Governance frameworks and professional ethics.
  • Risk management process steps.
  • Compliance and legal considerations.

End your summary with one area you need to review further and why.