CISSP certification: Governance vs. Management.

For the certification, it is important to know where you are in the organization and to answer the questions from that viewpoint.
You are a risk adviser or an IT security manager; answer all questions with that in mind.

  • Governance vs. Management
    • Governance – This is the C-level executives (not you).
      • Stakeholder needs, conditions and options are evaluated to define:
        • Balanced agreed-upon enterprise objectives to be achieved.
        • Setting direction through prioritization and decision making.
        • Monitoring performance and compliance against agreed-upon direction and objectives.
        • Risk appetite – Aggressive, neutral, averse.
    • Management – How do we get to the destination (this is you).
      • Plans, builds, runs and monitors activities in alignment with the direction set by governance to achieve the objectives.
      • Risk tolerance – How are we going to practically work with our risk appetite and our environment?

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
