ISC2 CISSP Security and Risk Management Guide

Study ISC2 CISSP Security and Risk Management: key concepts, common traps, and exam decision cues.

This is the heaviest CISSP domain. ISC2 is testing whether you can govern security as a business discipline before you start solving technical implementation questions.

Work this chapter in order

Lesson                        Focus
1.1 Governance & Compliance   Learn the policy, ethics, compliance, and risk-treatment decisions that anchor CISSP.
1.2 BIA & Continuity          Learn how CISSP connects continuity, staffing, and supply chain risk back to governance.

Fast routing inside this chapter

If the question is really about…                        Go first to…
ethics, governance, due care, policy, or risk response   1.1 Governance & Compliance
BIA, BC, DR, hiring, awareness, or supply chain risk     1.2 BIA & Continuity

What strong answers usually do

  • align security to business goals before picking a technical control
  • choose documented, auditable risk treatment instead of vague good intentions
  • treat continuity, hiring, and supplier decisions as security design inputs

Revised on Sunday, May 10, 2026