CISSP - Security Governance Aligning Security with Business
Security governance is how organizations connect security controls to business strategy, mission, and objectives. This video covers CISSP Domain 1 Subtopic 1.3: alignment to business goals, organizational processes (acquisitions and divestitures), governance committees, the CISO role and reporting structure, and a detailed comparison of NIST CSF 2.0, ISO/IEC 27001, COBIT 2019, and SABSA. The video closes with the due care vs. due diligence distinction - one of the most commonly tested concepts in Domain 1. Watch the next video: CISSP 1.4 - Compliance, Laws, and Regulations.
▶ Watch next: CISSP - Compliance Laws Regulations and Standards [1.4] https://www.youtube.com/watch?v=FwqJJDZVd8E
Chapters
- 0:00 Why Security Governance Exists
- 2:30 Aligning Security to Business Strategy
- 5:17 Organizational Processes and Governance Committees
- 7:52 Roles and Responsibilities: CISO and Beyond
- 11:15 Security Control Frameworks Compared
- 14:40 Due Care vs. Due Diligence
- 17:35 Putting It All Together
- 19:55 Quiz Time