🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 1.1 - Security 101

This opening episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series lays the foundations of security for Domain 1. It looks at why security exists at all, how it relates to the rest of the business, how a security program gets started and matures, and the mindset that keeps protection working long after the first controls go in.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

Why does security exist?

Security exists to keep the organization operating. Attackers try to steal data and damage physical and logical systems, and security is what lets the business continue anyway. The key framing for the exam is that security is a business management concern, not just a technical one — it supports the mission, goals, and objectives of the whole organization.

How is security different from information technology?

Information technology is the hardware and software that runs the business — think of it as the engine. Security is the management discipline that keeps that engine reliable and protected, like the brakes and safety checks on a car. One makes the car move, and the other makes it safe to drive.

How do you test whether your defenses actually hold?

You use three kinds of evaluation. A risk assessment identifies your assets, the threats against them, and your vulnerabilities so you can calculate risk. A vulnerability assessment uses automated tools to find known weaknesses so you can patch them, and penetration testing has a trusted team actively stress-test your defenses to find the gaps before a real attacker does.

Why must security be cost-effective and legally defensible?

No organization has an unlimited budget, so security competes for funding with every other part of the business — you choose controls that give the most protection for the lowest cost and spend where the risk is highest. Security must also be legally defensible because the law is your final backstop: well-supported choices shield the organization from fines, penalties, and charges of negligence.

Why is security never truly finished?

Security is a journey, not a finish line. You can never fully secure anything because the ground keeps shifting — your technology changes, your users change, and attackers keep finding new flaws. The defense that was strong yesterday may fail tomorrow, so you reassess and respond as new vulnerabilities and exploits appear.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 1.1 - Security 101.