CISSP: Security and Risk Management Proficiency (Advanced Level)

  • 30m
  • 30 questions
The CISSP: Security and Risk Management Proficiency benchmark will measure your ability to recognize key terms and concepts related to security and risk management. You will be evaluated on security and risk principles, security governance principles, security policies, risk management, and business continuity planning. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security and risk management terminology and concepts.

Topics covered

  • analyze the challenges of working with vendors, consultants, and contractors from the perspective of security policy
  • choose and implement controls and countermeasures
  • compare security control categories and types, such as operational, preventative, detective, and corrective
  • compare standards, guidelines, best practices, policies, and standard operating procedures (SOP)
  • compare various employee agreements and define practices for onboarding new employees
  • define authenticity as it relates to a key goal of security
  • define availability as it relates to a key goal of security
  • define confidentiality as it relates to a key goal of security
  • define integrity as it relates to a key goal of security
  • define issues that pertain to cybercrime, data breaches, IP, import/export, and transborder data flow
  • define non-repudiation as it relates to a key goal of security
  • describe and apply threat modeling concepts and methodologies
  • describe business continuity planning and continuity of operations processes
  • describe methods for aligning security with business strategy, goals, mission, and objectives
  • describe modern risk assessment and analysis methods
  • describe risk monitoring, measuring, and reporting
  • describe security best practices related to transfer and termination of employees
  • describe security concerns, such as travel, security training and awareness, emergency management, and personal duress
  • describe the concepts of due care and due diligence, providing real-world examples
  • develop and document a business impact analysis plan
  • develop, implement, and document various aspects of security policies as well as identify newer policies based on recent technology changes
  • evaluate security and privacy controls
  • identify common threats and vulnerabilities
  • list the requirements for investigation types such as administrative, criminal, civil, regulatory, and industry standards
  • outline contractual and legal industry standards and other regulatory privacy requirements
  • outline how to conduct different types of tests on disaster recovery plans, such as read-through, tabletop, walkthrough, simulation, parallel, and full interruption testing
  • outline how to implement various recovery strategies, like sites, processing, system resilience, high-availability, and fault tolerance
  • outline supply chain risk management (SCRM) concepts
  • outline the best practices for candidate screening, background investigations, and hiring new employees
  • understand various risk frameworks