Domain 1: Security and Risk Management

1.1 Understand, adhere to, and promote professional ethics:

• (ISC)2 Code of Professional Ethics
• Organizational code of ethics

1.2 Understand and apply security concepts:

• Confidentiality, integrity, and availability, authenticity, and nonrepudiation

1.3 Evaluate and apply security governance principles:

• Alignment of the security function to business strategy, goals, mission, and objectives
• Organizational processes (for example, acquisitions, divestitures, governance committees)
• Organizational roles and responsibilities
• Security control frameworks
• Due care/due diligence

1.4 Determine compliance and other requirements:

• Contractual, legal, industry standards, and regulatory requirements
• Privacy requirements

1.5 Understand legal and regulatory issues that pertain to information security in a holistic context:

• Cybercrimes and data breaches
• Licensing and Intellectual...