CISSP certification: Governance vs. Management.

Post author:Thor Pedersen
Post published:September 14, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

For the certification it is important to know where you are in the organization and answer the questions from that viewpoint.
You are a risk adviser or a IT security manager, answer all questions with that in mind.

Governance vs. Management
- Governance – This is C-level Executives (Not you).
  - Stakeholder needs, conditions and options are evaluated to define:
    - Balanced agreed-upon enterprise objectives to be achieved.
    - Setting direction through prioritization and decision making.
    - Monitoring performance and compliance against agreed-upon direction and objectives.
    - Risk appetite – Aggressive, neutral, adverse.
- Management – How do we get to the destination (This is you).
  - Plans, builds, runs and monitors activities in alignment with the direction set by the governance to achieve the objectives.
  - Risk tolerance – How are we going to practically work with our risk appetite and our environment.

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP certification: Governance vs. Management.

Thor Pedersen

You Might Also Like

CISSP certification: Rules, laws and regulations (EU).

IT Security from The Guardian “Deloitte hit by cyber-attack revealing clients’ secret emails”

CISSP D3 Preview | Fire Suppression & Hot and Cold Aisles