Practice Exams:

The Essential Risk Analysis Process for CISSP Exam Success

Risk analysis is a fundamental concept in the field of information security, and it is a critical domain in the CISSP (Certified Information Systems Security Professional) exam. For anyone preparing for the CISSP certification, grasping the risk analysis process is not only essential for passing the exam but also vital for real-world security management. This part of the guide will cover what risk analysis means in the context of CISSP, why it matters, and the key components involved.

What is Risk Analysis?

Risk analysis is the systematic process of identifying, assessing, and managing risks to an organization’s information assets. It helps organizations understand what threats exist, the vulnerabilities that may be exploited, the likelihood of occurrence, and the potential impact on business operations.

Within CISSP, risk analysis is primarily discussed in the Security and Risk Management domain. The goal is to help security professionals prioritize security efforts and resources based on an understanding of where the most significant risks lie.

The Importance of Risk Analysis in CISSP

In the CISSP exam, understanding risk analysis is pivotal because:

  • Risk management drives security decisions: Organizations cannot protect everything equally due to budget, technology, and human resource limitations. Risk analysis provides a foundation for making informed decisions about where to allocate security resources most effectively.

  • Aligns security with business objectives: By analyzing risks, security teams can align their efforts with what matters most to the business. This helps ensure that security policies and controls support overall organizational goals.

  • Facilitates compliance: Many regulations and standards require organizations to conduct risk assessments regularly. CISSP candidates must understand risk analysis to ensure compliance with frameworks such as ISO 27001, NIST, HIPAA, and others.

  • Forms the basis for risk treatment: After identifying risks, organizations must decide how to respond—whether to mitigate, transfer, accept, or avoid them. Risk analysis informs these choices.

Key Concepts in Risk Analysis

Before diving into the risk analysis process, it’s important to understand some foundational terms frequently encountered in the CISSP curriculum:

  • Asset: Anything of value to the organization that requires protection. This can include hardware, software, data, people, and facilities.

  • Threat: Any potential cause of an unwanted incident, which may result in harm to a system or organization. Threats can be natural (e.g., earthquakes), human (e.g., hackers), or environmental (e.g., power failures).

  • Vulnerability: A weakness in a system or control that can be exploited by a threat to gain unauthorized access or cause damage.

  • Likelihood: The probability that a particular threat will exploit a vulnerability.

  • Impact: The consequence or effect on the organization if the threat exploits the vulnerability successfully.

  • Risk: The combination of the likelihood and impact of a threat exploiting a vulnerability.

Understanding these terms sets the stage for comprehending the risk analysis process.

The Risk Analysis Process Explained

The risk analysis process generally follows a series of logical steps designed to identify, evaluate, and prioritize risks. Although different frameworks may use slightly different terminology or additional steps, the core process remains consistent and aligns with CISSP standards.

Step 1: Identify Assets

The first step in risk analysis is to identify what you are protecting. This means compiling an inventory of all assets that have value to the organization. Assets include:

  • Physical assets (servers, laptops, networking devices)

  • Information assets (databases, intellectual property, customer data)

  • People (employees, contractors)

  • Software applications and services

  • Facilities (data centers, office buildings)

Each asset should be documented along with its value, since higher-value assets typically require stronger protection measures.

Step 2: Identify Threats

Once assets are identified, the next step is to determine what threats could potentially harm those assets. Threats are sources of potential harm or adverse effects. They can be broadly classified such as:

  • Natural threats: floods, earthquakes, fires, storms

  • Human threats: hackers, disgruntled employees, social engineering

  • Technological threats: hardware failures, software bugs, malware

Understanding the range of threats helps to anticipate possible attack vectors or failure modes that need to be addressed.

Step 3: Identify Vulnerabilities

A vulnerability is any weakness that can be exploited by a threat. This might be:

  • Unpatched software

  • Weak passwords

  • Lack of physical security controls

  • Poorly configured network devices

  • Insufficient staff training

Identifying vulnerabilities involves technical assessments, audits, penetration testing, and reviewing existing controls to find gaps that could be exploited.

Step 4: Analyze Likelihood

At this stage, the organization evaluates how likely it is that each threat will exploit a vulnerability. This is often qualitative (e.g., high, medium, low) or quantitative (e.g., percentage chance) depending on available data.

Factors influencing likelihood include:

  • Past incident history

  • Threat actor capability and motivation

  • Existing controls and defenses

  • Environmental conditions

Accurate estimation of likelihood allows prioritization of risks based on probability.

Step 5: Determine Impact

Impact measures the potential damage or loss that would occur if the threat exploited the vulnerability. Impact can be measured in terms of:

  • Financial loss

  • Operational downtime

  • Reputational damage

  • Legal or regulatory penalties

  • Safety or human life impacts

Different assets will have different impact levels depending on their role and importance in the organization.

Step 6: Calculate Risk

Risk is a function of likelihood and impact. Commonly, risk is calculated using the formula:

ini

CopyEdit

Risk = Likelihood × Impact

 

This calculation helps quantify the severity of each risk, allowing security teams to focus on the highest risks first. Some organizations use more complex models incorporating additional factors such as control effectiveness.

Step 7: Prioritize Risks

With risks calculated, they are ranked to identify which ones require immediate attention. High-risk items are usually prioritized for mitigation, while lower risks may be accepted or monitored.

Step 8: Recommend Risk Treatment Options

The final step involves deciding how to manage each risk. The four primary risk treatment strategies are:

  • Mitigation: Implement controls to reduce the likelihood or impact of a risk.

  • Avoidance: Change business processes or assets to eliminate the risk.

  • Transfer: Shift the risk to a third party, such as through insurance or outsourcing.

  • Acceptance: Acknowledge the risk and decide to accept it, usually when the cost of mitigation exceeds the benefit.

The treatment decisions should be aligned with the organization’s risk appetite and strategic goals.

Types of Risk Analysis Approaches

CISSP recognizes two main types of risk analysis approaches:

  • Qualitative Risk Analysis: Uses descriptive categories (e.g., high, medium, low) to assess risks. It relies on expert judgment and experience, and is faster and easier to perform, but less precise.

  • Quantitative Risk Analysis: Assigns numeric values to likelihood and impact, often involving financial metrics. It is more objective but requires more data and resources.

Many organizations use a hybrid approach, starting with qualitative assessments and refining with quantitative analysis for critical risks.

Tools and Frameworks for Risk Analysis

Several tools and frameworks assist CISSP candidates and professionals in performing risk analysis. Some widely recognized ones include:

  • NIST SP 800-30: Provides guidelines for conducting risk assessments in information systems.

  • ISO/IEC 27005: An international standard for information security risk management.

  • OCTAVE: A risk assessment methodology emphasizing organizational risk.

  • FAIR (Factor Analysis of Information Risk): A quantitative risk analysis framework.

Familiarity with these resources helps CISSP candidates understand industry best practices and exam expectations.

Common Challenges in Risk Analysis

While risk analysis is essential, it is not without challenges:

  • Data availability: Lack of accurate data can hinder precise risk estimation.

  • Rapidly changing threat landscape: Emerging threats require continuous updates to risk assessments.

  • Subjectivity: Qualitative methods depend heavily on expert opinions, which may vary.

  • Resource constraints: Time and budget limitations may impact the thoroughness of the analysis.

CISSP candidates should be aware of these challenges and how to address them by promoting continuous monitoring, collaboration, and the use of multiple data sources.

In this first part of the guide, we have laid the foundation for understanding the risk analysis process in the CISSP context. Risk analysis is about identifying what matters most to an organization, understanding what could go wrong, and prioritizing responses based on likelihood and impact. Mastering these concepts is essential not only to pass the CISSP exam but also to become an effective security professional.

In the next part, we will delve deeper into practical methodologies for performing risk analysis, including examples, tools, and real-world applications that will help cement your understanding and prepare you for exam questions.

Practical Methodologies and Tools for Effective Risk Analysis

In the previous section, we covered the foundational concepts and general steps involved in the risk analysis process. Now, to deepen your understanding and enhance your CISSP exam preparation, this part explores practical methodologies, tools, and best practices you can use to conduct thorough and efficient risk analyses.

Popular Risk Analysis Methodologies

CISSP candidates should be familiar with several structured methodologies for risk analysis. These methodologies provide systematic frameworks that guide security professionals through the process of identifying, assessing, and prioritizing risks.

1. NIST Risk Management Framework (RMF)

The National Institute of Standards and Technology (NIST) provides one of the most widely adopted frameworks for managing information security risk: the NIST RMF, detailed in publications like SP 800-37 and SP 800-30.

Key components include:

  • Categorize Information Systems: Identify and categorize information and information systems based on their sensitivity and criticality.

  • Select Security Controls: Based on risk categorization, select appropriate security controls from the NIST SP 800-53 catalog.

  • Implement Controls: Deploy the selected controls.

  • Assess Controls: Evaluate the effectiveness of implemented controls.

  • Authorize Systems: Make risk-based decisions about whether to authorize system operation.

  • Monitor Controls: Continuously monitor the security state and update risk assessments as necessary.

The NIST framework emphasizes continuous monitoring and adaptive risk management, which is important in today’s fast-evolving threat environment.

2. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)

Developed by Carnegie Mellon University, OCTAVE is a self-directed risk evaluation methodology that focuses on organizational risk from an operational perspective. It helps organizations identify critical assets and evaluate threats and vulnerabilities related to those assets.

OCTAVE’s three phases include:

  • Build Asset-Based Threat Profiles: Identify critical assets and threats.

  • Identify Infrastructure Vulnerabilities: Examine technical vulnerabilities.

  • Develop Security Strategy and Plans: Develop mitigation strategies based on risk priorities.

OCTAVE is particularly useful for organizations seeking a comprehensive, holistic view of risk that includes both technical and business aspects.

3. FAIR (Factor Analysis of Information Risk)

FAIR is a quantitative risk analysis model that allows organizations to estimate financial impacts of risk in dollar terms. It breaks down risk into components such as frequency and magnitude of loss.

FAIR’s core concepts include:

  • Loss Event Frequency (LEF): How often a loss event might occur.

  • Loss Magnitude: The probable size of the loss.

  • Threat Event Frequency: How often threats attempt to exploit vulnerabilities.

  • Vulnerability: Probability that an attempt will be successful.

Because FAIR provides financial metrics, it is invaluable for communicating risk to business executives and justifying security investments.

Applying Risk Analysis in Practice

When preparing for the CISSP exam or working in a security role, it’s helpful to apply the risk analysis process using examples and real-world scenarios.

Example Scenario: Risk Analysis for a Financial Institution’s Customer Database

  1. Identify Assets: The customer database is a critical asset containing sensitive financial information.

  2. Identify Threats: Threats may include hackers attempting unauthorized access, insider threats, malware infections, and physical theft of servers.

  3. Identify Vulnerabilities: Possible vulnerabilities include outdated software, weak access controls, lack of encryption, and insufficient employee training on phishing attacks.

  4. Analyze Likelihood: The likelihood of an external hacking attempt might be high given the value of the data, while physical theft might be low if the data center is secure.

  5. Determine Impact: The impact of a data breach could be catastrophic, including financial losses, legal penalties, reputational damage, and customer trust erosion.

  6. Calculate Risk: The risk of hacking is high due to high likelihood and impact, while physical theft risk might be medium or low.

  7. Prioritize Risks: Focus on strengthening access controls, patch management, and encryption to mitigate hacking risks.

  8. Risk Treatment: Mitigate risks through technical controls, implement employee awareness programs, and consider cyber insurance to transfer some risk.

This practical example illustrates how risk analysis directs attention and resources towards the most significant security challenges.

Risk Assessment Tools

Several tools can aid in performing risk analysis, from simple spreadsheets to sophisticated software suites. Some commonly used tools include:

  • Risk Matrices: Visual grids that help prioritize risks by plotting likelihood against impact. Useful for qualitative risk analysis.

  • Vulnerability Scanners: Tools like Nessus or OpenVAS identify vulnerabilities that may contribute to risk.

  • Risk Management Software: Solutions such as Archer, RiskWatch, or CRisk provide frameworks to document, analyze, and track risks.

  • Spreadsheets and Custom Templates: Many organizations create tailored risk registers and assessment templates to manage risk data.

Best Practices for Effective Risk Analysis

To maximize the effectiveness of your risk analysis efforts and prepare well for CISSP, keep these best practices in mind:

  • Engage Stakeholders: Include business leaders, IT staff, and security teams to gather diverse insights and ensure alignment with business objectives.

  • Document Thoroughly: Maintain detailed records of identified risks, assumptions, likelihood and impact ratings, and treatment decisions. This documentation is vital for audits and continuous improvement.

  • Use a Consistent Approach: Apply a repeatable methodology to ensure assessments are comparable over time and across different systems.

  • Regularly Update Risk Assessments: Risks evolve with new threats, system changes, and business growth. Schedule periodic reviews and updates.

  • Focus on Business Impact: Always relate technical findings to business consequences. This improves communication with executives and drives better decision-making.

  • Balance Qualitative and Quantitative Data: Use qualitative assessments where data is scarce, but strive to incorporate quantitative metrics whenever possible.

Preparing for CISSP Exam Questions on Risk Analysis

On the CISSP exam, risk analysis questions test both your conceptual understanding and your ability to apply methodologies. Common question types include:

  • Identifying the correct sequence of steps in the risk analysis process.

  • Choosing appropriate risk treatment strategies based on scenarios.

  • Differentiating between qualitative and quantitative risk analysis.

  • Applying concepts like asset valuation, threat identification, and vulnerability assessment.

  • Understanding key frameworks such as NIST RMF and OCTAVE.

To prepare effectively:

  • Review official CISSP study materials and practice questions.

  • Use real-world examples to reinforce concepts.

  • Memorize key definitions and processes.

  • Understand how different methodologies compare and when to apply them.

This section introduces practical methodologies and tools to perform effective risk analysis, including NIST RMF, OCTAVE, and FAIR. You saw how to apply the risk analysis process with real-world examples and learned best practices to make your assessments reliable and actionable. Equipped with this knowledge, you’ll be ready to tackle CISSP exam questions with confidence and implement risk analysis in your professional work.

Risk Evaluation, Treatment, and Continuous Monitoring for CISSP Mastery

In the earlier parts, we explored the foundations of risk analysis and examined practical methodologies and tools. Now, we shift focus to the critical phases of risk evaluation, treatment, and continuous monitoring — key areas that often appear in CISSP exam questions and play a vital role in maintaining an effective security posture.

Risk Evaluation: Understanding and Prioritizing Risks

After identifying risks, the next essential step is to evaluate them to understand their significance and prioritize resources effectively.

Risk Evaluation Criteria

When evaluating risks, organizations use several criteria:

  • Likelihood (Probability): How probable is it that a particular threat will exploit a vulnerability?

  • Impact (Consequence): What is the extent of damage or loss if the threat is realized?

  • Risk Appetite: The level of risk the organization is willing to accept without mitigation.

  • Risk Tolerance: The specific threshold or limits within the risk appetite that guide decision-making.

Evaluating these factors helps classify risks inch as high, medium, or low priority. This classification directs the organization’s risk treatment strategy.

Qualitative vs. Quantitative Risk Evaluation

  • Qualitative Evaluation relies on descriptive categories such as “high,” “medium,” or “low” risk. It is often quicker and less data-intensive, making it useful for early-stage or broad assessments.

  • Quantitative Evaluation uses numerical values to estimate risk, often expressed in financial terms, frequency of occurrence, or statistical probability. This approach is more precise but requires extensive data and analysis.

CISSP exam questions may test your ability to differentiate these approaches and understand when each is appropriate.

Risk Treatment: Choosing the Right Response

Once risks are evaluated and prioritized, organizations must decide how to handle each risk. The CISSP curriculum outlines four primary risk treatment strategies:

1. Risk Avoidance

Risk avoidance means eliminating the risk, often by discontinuing the activity or changing business processes to avoid exposure.

Example: If a system has a high risk of breach and no effective mitigation, an organization might avoid the risk by not using that system at all.

2. Risk Mitigation (Reduction)

Risk mitigation involves implementing controls to reduce the likelihood or impact of a risk.

Example: Applying firewalls, patch management, encryption, and user training to reduce the risk of cyberattacks.

3. Risk Transfer

Risk transfer shifts the impact of risk to a third party, typically through insurance or outsourcing.

Example: Purchasing cyber insurance or contracting with a cloud provider who assumes certain security responsibilities.

4. Risk Acceptance

When the risk is within the organization’s tolerance, it may be accepted without additional controls. This often happens when the cost of mitigation exceeds the potential loss.

Example: Accepting the risk of minor hardware failure because the cost of redundancy is too high.

Selecting Appropriate Controls

Risk treatment often involves selecting security controls that align with the risk profile. Controls fall into three categories:

  • Technical Controls: Firewalls, antivirus software, encryption, access control systems.

  • Administrative Controls: Policies, procedures, training, and incident response plans.

  • Physical Controls: Locks, surveillance, secure facilities.

CISSP candidates should understand how controls fit into risk treatment and be able to identify controls that address specific risks.

Continuous Risk Monitoring and Review

Risk management is not a one-time activity but a continuous process. Threat landscapes, business operations, and technologies evolve, making ongoing monitoring essential.

Key Aspects of Continuous Monitoring

  • Reassessing Risk: Regularly update risk assessments to reflect new threats, vulnerabilities, and changes in business priorities.

  • Performance Monitoring: Track the effectiveness of implemented controls.

  • Incident Analysis: Use security incidents and near misses to refine risk evaluations.

  • Compliance Audits: Ensure controls meet regulatory requirements.

  • Reporting: Keep stakeholders informed about the current risk posture and changes.

Implementing a Risk Management Program

For CISSP aspirants, understanding how to embed risk analysis into a larger risk management program is crucial. Such a program integrates risk analysis with risk treatment and monitoring into organizational governance.

Risk Management Frameworks

  • ISO/IEC 27005: Provides guidance for information security risk management aligned with the ISO/IEC 27001 standard.

  • COSO ERM Framework: Enterprise risk management focusing on broader business risks.

  • NIST Risk Management Framework: As discussed earlier, emphasizing continuous monitoring and control assessment.

Successful implementation requires management commitment, defined roles and responsibilities, and integration with business objectives.

Common CISSP Exam Scenarios on Risk Treatment and Monitoring

  • Selecting the best risk response strategy given a scenario.

  • Understanding which security controls address specific risk types.

  • Explaining the importance of continuous monitoring in risk management.

  • Differentiating between risk tolerance and risk appetite.

  • Describing how risk treatment fits within the overall risk management lifecycle.

Tips to Master This Topic for the CISSP Exam

  • Memorize the four risk treatment options and be ready to identify examples.

  • Understand how to evaluate risk likelihood and impact qualitatively and quantitatively.

  • Practice linking security controls to specific risks and treatments.

  • Familiarize yourself with continuous monitoring activities and their role in maintaining security posture.

  • Use scenario-based practice questions to apply theory in realistic situations.
    This section details how to evaluate risks, select appropriate treatment strategies, and implement continuous monitoring to maintain an adaptive and resilient security posture. Mastering these concepts prepares you to handle complex risk management questions on the CISSP exam and contributes to effective organizational security.

Integrating Risk Analysis with Overall Security Governance and Real-World Application

After understanding the core components of risk analysis—including identification, assessment, treatment, and continuous monitoring—this final part focuses on integrating risk analysis within the broader framework of security governance and real-world implementation strategies that align with CISSP principles.

Risk Analysis as a Pillar of Security Governance

Security governance defines the policies, procedures, and structures that guide an organization’s information security strategy. Risk analysis is fundamental here, providing the data and insights necessary for informed governance decisions.

  • Alignment with Business Objectives: Risk analysis ensures security efforts support business goals, minimizing disruptions while protecting critical assets.

  • Policy Development: Results of risk analysis inform the creation and refinement of security policies, standards, and guidelines.

  • Accountability and Roles: Governance structures clarify who is responsible for risk assessment, decision-making, and implementation of risk treatments.

  • Regulatory Compliance: Many regulations mandate risk assessment as part of compliance efforts (e.g., GDPR, HIPAA, PCI-DSS). Risk analysis helps demonstrate due diligence.

CISSP candidates should recognize that risk analysis is not isolated but interwoven with governance frameworks, enabling strategic security management.

The Role of Communication in Risk Analysis

Effective communication is crucial to risk analysis success:

  • Stakeholder Engagement: Keeping executives, business units, and technical teams informed encourages buy-in and facilitates resource allocation.

  • Reporting Risk: Translating technical risks into business impact terms helps non-technical stakeholders understand urgency and consequences.

  • Risk Acceptance Decisions: Clear communication supports consensus-building on which risks to accept or mitigate.

  • Training and Awareness: Educating staff about identified risks and controls enhances the overall security culture.

In CISSP scenarios, demonstrating how communication supports risk management efforts is often necessary.

Real-World Challenges in Risk Analysis

Implementing risk analysis in practice is complex and may encounter challenges:

  • Incomplete or Inaccurate Data: Poor asset inventories or unknown vulnerabilities can undermine analysis quality.

  • Rapidly Evolving Threats: New vulnerabilities and attack techniques emerge constantly, requiring agile reassessment.

  • Resource Constraints: Limited budgets and personnel may restrict mitigation options.

  • Balancing Security and Usability: Overly stringent controls can hinder business operations.

  • Cultural Resistance: Staff or leadership may resist changes prompted by risk findings.

Overcoming these requires strong leadership, continuous education, and adaptive processes.

Case Study: Implementing Risk Analysis in a Healthcare Organization

Consider a healthcare provider aiming to protect patient records:

  • Asset Identification: Electronic health records (EHR) systems and associated databases.

  • Threats: Cyberattacks (ransomware, phishing), insider threats, natural disasters.

  • Vulnerabilities: Outdated software, lack of multi-factor authentication, inadequate backup systems.

  • Risk Evaluation: High impact due to sensitive data and regulatory fines; likelihood elevated because of frequent phishing attempts.

  • Treatment: Implementing encryption, robust access controls, employee training, and incident response plans.

  • Continuous Monitoring: Automated alerts for suspicious activity, regular audits, and compliance reviews.

This integrated approach aligns with CISSP risk principles and illustrates how organizations safeguard critical data.

Tips to Excel in CISSP Exam Questions on Risk Governance

  • Know how risk analysis informs governance and policy development.

  • Understand the importance of communication and reporting in risk management.

  • Be prepared to discuss common challenges and mitigation strategies.

  • Be familiar with real-world examples and how they map to CISSP concepts.

Final Thoughts on Mastering Risk Analysis for CISSP Success

Risk analysis is a dynamic, ongoing process central to effective information security management. Success in the CISSP exam requires not only memorizing definitions and steps but also understanding how to apply risk analysis in varied scenarios and how it integrates with governance and compliance.

Focus on:

  • Grasping core concepts and frameworks.

  • Practicing scenario-based questions.

  • Linking risk concepts to business objectives.

  • Staying aware of evolving threats and industry best practices.

With consistent study and practical insight, mastering the risk analysis process will become a strong asset in your CISSP journey and your career as a security professional.

This concluding section highlighted the critical relationship between risk analysis and security governance, emphasized the role of communication, addressed real-world challenges, and provided practical examples. These insights round out your understanding of the risk analysis process for CISSP exam readiness and professional application.

Final Thoughts: 

Risk analysis is at the heart of effective information security management and a critical domain within the CISSP exam. Understanding its full lifecycle—from identifying and assessing risks to evaluating, treating, and continuously monitoring them—enables security professionals to make informed decisions that protect organizational assets while aligning with business goals.

Remember these key takeaways:

  • Comprehensive Understanding: Grasp the difference between qualitative and quantitative risk assessments, and know when to apply each.

  • Strategic Risk Treatment: Be clear on the four primary risk responses—avoidance, mitigation, transfer, and acceptance—and how to select the best approach based on context.

  • Continuous Process: Risk management is not a one-time task but requires ongoing monitoring, re-evaluation, and adjustment to respond to evolving threats and changes in the organizational environment.

  • Integration with Governance: Risk analysis does not stand alone; it must fit within the broader framework of security governance, policy development, and compliance.

  • Effective Communication: Translating technical risks into business impact and fostering stakeholder engagement are vital for successful risk management.

  • Real-World Application: Being able to relate concepts to practical scenarios strengthens your CISSP readiness and your effectiveness as a security practitioner.

Approach your CISSP preparation with these insights in mind, and use practice questions and real-world examples to deepen your understanding. Mastery of risk analysis will not only help you pass the exam but also empower you to contribute meaningfully to your organization’s security posture.

Stay disciplined, study consistently, and remember: risk analysis is a cornerstone skill that will serve you well throughout your cybersecurity career.

Related posts:

  1. CISSP Exam Prep: Deep Dive into Covert Channel Analysis
  2. Top 5 Certifications To Grab in 2014
  3. Mastering Covert Channel Analysis for CISSP: A Strategic Guide to Hidden Communication Threats
  4. CISSP Exam Prep: The Essential Knowledge Management Resource
  5. Mastering the Network+ Exam: Advanced Strategies for Success
  6. CISSP Exam Prep: Monitoring and Intrusion Detection Essentials
  7. CISSP Exam Prep: In-Depth Penetration Testing Concepts
  8. CISSP Exam Prep: Business Continuity Planning and the Business Impact Assessment
  9. Documenting Business Continuity Plans for CISSP Success
  10. Documenting Business Continuity Plans for CISSP Success
img