Week 1 - Overview
Session Previews
Session 1
Summary
In our first session, we’ll lay the groundwork for effective security governance. We’ll start by exploring the ISC² Code of Ethics and Professional Practices—why they exist, how they guide decision-making, and the role of integrity and accountability in our profession. (Sub-domain 1.1) From there, we’ll unpack the core security concepts—confidentiality, integrity, availability—and see how these three pillars inform organizational policy. (Sub-domain 1.2) To bring it all together, we’ll look at how to apply a risk-based management approach to supply-chain decisions, ensuring that vendors and third parties meet your security objectives.
Key Terms
| Key Term |
|---|
| ISC² Code of Ethics |
| Professional Practices |
| Confidentiality (CIA Triad) |
| Integrity (CIA Triad) |
| Availability (CIA Triad) |
| Risk‑Based Management |
| Supply Chain Security |
| Third‑Party Risk |
Subdomains
| Sub-Domain | Title |
|---|---|
| 1.1 | Understand, adhere to, and promote professional ethics |
| 1.2 | Understand and apply security concepts |
Session 2
Summary
This session opens with a quick recap of key takeaways from Session 1, reinforcing how ethics and fundamental concepts mesh with governance frameworks. We then dive into Personnel Security Policies and Procedures. (Sub-domains 1.3–1.4)
- Background investigations and continuous vetting
- Onboarding/offboarding controls to enforce separation of duties
- Security clearance levels and how they tie into overall risk posture
By the end, you’ll understand how human-centric controls form the backbone of a robust governance program.
Key Terms
| Key Term |
|---|
| Background Investigations |
| Continuous Vetting |
| Onboarding Controls |
| Offboarding Controls |
| Separation of Duties |
| Security Clearances |
| Insider Threat |
Subdomains
| Sub-Domain | Title |
|---|---|
| 1.3 | Evaluate and apply security governance principles |
| 1.4 | Determine compliance and other requirements |
Session 3
Summary
Now that we’ve covered people controls, we shift to the legal and regulatory landscape. (Sub-domain 1.5) You’ll learn to navigate major regulations (e.g., GDPR, HIPAA), contractual requirements, and industry standards—knowing what applies and how to demonstrate compliance.
Next, we’ll explore the requirements for various investigation types: administrative, criminal, civil, and regulatory. (Sub-domain 1.6) We’ll discuss evidence preservation, chain-of-custody basics, and how investigations feed back into strengthening your governance processes. We’ll close with a set of “Exam Essentials” to highlight high-value facts and concepts you need to master.
Key Terms
| Key Term |
|---|
| Regulatory Requirements |
| GDPR |
| HIPAA |
| Contractual Obligations |
| Evidence Preservation |
| Chain of Custody |
| Administrative Investigations |
| Criminal Investigations |
| Civil Investigations |
| Regulatory Investigations |
Subdomains
| Sub-Domain | Title |
|---|---|
| 1.5 | Understand legal and regulatory issues that pertain to information security in a holistic context |
| 1.6 | Understand requirements for investigation types (administrative, criminal, civil, regulatory, industry standards) |
Session 4
Summary
This is your hands-on lab day focusing on policy development and documentation. (Sub-domain 1.7) You’ll draft sections of a security policy, map out supporting standards and procedures, and create clear guidelines that translate high-level directives into actionable steps.
Finally, you’ll perform a concise Business Impact Assessment exercise—identifying critical assets, evaluating potential losses, and prioritizing controls. This lab cements your ability to go from principles to published policy.
Key Terms
| Key Term |
|---|
| Security Policy |
| Security Standards |
| Security Procedures |
| Guidelines |
| Policy Hierarchy |
| Business Impact Assessment (BIA) |
| Critical Asset Identification |
| Impact Analysis |
| Recovery Prioritization |
Subdomains
| Sub-Domain | Title |
|---|---|
| 1.7 | Develop, document, and implement security policy, standards, procedures and guidelines |