Security+ 7×7 · Video 5
Security+ Domain 5: Governance, Risk, Compliance & Security Program Management
Master the management side of security: risk, governance, compliance, audits, policies, third parties, and security program oversight.
Exam focus
Risk and governance drive security decisions.
Domain 5 tests policies, risk decisions, compliance, program management, and why controls exist from a business perspective.
What you will learn
- ✅ How risk, likelihood, and impact work
- ✅ How policies and standards differ
- ✅ How compliance and audits fit security
- ✅ How to reason through governance scenarios
Key SY0-701 concepts
- Risk assessment, risk register, risk appetite, residual risk
- Governance, policies, standards, procedures, guidelines
- Compliance, audits, evidence, regulations, contractual obligations
- Third-party risk and vendor management
- Security awareness, program management, and oversight
Practice focus
Practice risk scenarios. Identify the asset, threat, vulnerability, impact, likelihood, control, residual risk, and business decision.
Action step
Write one risk scenario.
Create a simple risk register entry with asset, threat, vulnerability, likelihood, impact, mitigation, and residual risk.
FAQ
Common questions
Is GRC technical?
It is less tool-heavy but very important. You must understand how risk and governance shape security decisions.
Should I memorize policies?
Know the differences between policies, standards, procedures, baselines, and guidelines, then practice scenarios.
What comes next?
Continue to Session 6 for PBQs, scenarios, firewalls, IAM, logs, and cloud security simulation.