
📚 Domain 1 – Security and Risk Management

📘 D1.2 – Governance: Policies, Standards, Guidelines, Procedures (🇬🇧 / 🇫🇷)

This memo summarizes major cybersecurity frameworks and compliance standards referenced in Domain 1 of the CISSP exam.


🔧 NIST – National Institute of Standards and Technology

📘 NIST Cybersecurity Framework (CSF)

  • Purpose: Provide a voluntary risk-based approach to managing cybersecurity.
  • 5 Core Functions:
      • Identify
      • Protect
      • Detect
      • Respond
      • Recover

🧠 FR: Risk-based cybersecurity framework, widely used in the USA. The five functions serve as a guide for building a complete cybersecurity strategy.


📘 NIST SP 800-53

  • Defines detailed security controls for federal information systems (used in FISMA)
  • Categories: Management / Operational / Technical controls

📚 ISO/IEC 27001 – Information Security Management System (ISMS)

  • Purpose: Establish and improve a certified security management system
  • Focus: Risk management, policies, awareness, business continuity
  • Can be certified: Yes (unlike NIST)

🧠 FR: International standard for running an information security management system (ISMS). Can be certified.


📊 COBIT – Control Objectives for Information and Related Technologies

  • Purpose: Align IT with business goals
  • Focus: Governance, auditability, and accountability in IT management

🧠 FR: IT governance framework. Links business objectives with the security of information systems.


📊 ITIL – Information Technology Infrastructure Library

  • Purpose: Improve service delivery in IT environments
  • Focus: IT service management (ITSM), incidents, changes, availability

🧠 FR: Library of best practices for improving the quality of IT services.


📈 SOC Reports (Service Organization Controls)

  • SOC 1: Financial controls
  • SOC 2: Security, Availability, Integrity, Confidentiality, Privacy
  • SOC 3: Public-facing version of SOC 2 report

🧠 Quick Tips for Exam

Framework        Purpose
NIST CSF         Risk-based cyber defense (USA)
ISO/IEC 27001    International security certification
COBIT            IT governance and control
ITIL             IT service management
SOC 2            Security assurance for SaaS/cloud
