Domain 5: Security Program Management and Oversight
Chapter 23, Summarize elements of effective security governance, summarizes key elements of security governance including guidelines, policies, standards, and procedures.
Chapter 24, Explain elements of the risk management process, focuses on elements of security governance related to risk management, covering risk identification, assessment, analysis, and management strategies.
Chapter 25, Explain the processes associated with third-party risk assessment and management, explores the processes involved in assessing and managing third-party risks, including vendor assessment, selection, and monitoring.
Chapter 26, Summarize elements of effective security compliance, summarizes the elements of effective security compliance, including reporting, monitoring, privacy, and legal implications.
Chapter 27, Explain types and purposes of audits and assessments, discusses various types of audits and assessments, including attestation, internal, external, and penetration testing.
Chapter 28, Given a scenario, implement security awareness practices, covers the implementation of security awareness practices in different scenarios, focusing on phishing, anomalous behavior recognition, and user guidance.