Session 1

Good morning, everyone. Today we kick off our CISSP journey with Domain 1: Security & Risk Management. Over the next 5–10 minutes, I want you to understand exactly what we’ll cover and why it matters:

1. CIA Triad Refresher

   We’ll revisit Confidentiality, Integrity, and Availability—the bedrock of any security program. You’ll hear real‐world examples of how each pillar protects an organization’s data and operations.

2. Security Governance Fundamentals

   You’ll learn the roles and responsibilities of key stakeholders—from executives setting strategy, to security architects designing controls, to auditors verifying compliance. We’ll map out a simple governance framework so you can see how policy flows from boardroom to break room.

3. Compliance Standards Overview

   We'll touch on ISO 27001, the NIST Cybersecurity Framework, and other regulations. I’ll highlight the common threads—risk assessment, continuous improvement—and point out where they differ.

4. Policies vs. Standards vs. Procedures vs. Guidelines

Finally, we’ll clarify the hierarchy: why a policy tells you what you must do, a standard tells you how to measure it, a procedure shows step-by-step execution, and guidelines offer best practice tips. By the end of this preview, you’ll know which document to reach for when you need to write or review security documentation.

Take these objectives to heart—this domain underpins the rest of the CISSP. Once we finish, you’ll be primed to dive deeper into the legal, ethical, and procedural controls that keep organizations safe.”