The following Canons are shown in the priority that they should be followed. To become a CISSP you must adhere to Ethical actions. Before taking the CISSP exam you must sign and agree to the code of ethics of the (ISC)2 organization.
(ISC)2 CODE OF ETHICS CANONS

Do no harm. Protect society, the commonwealth, and the infrastructure.
Act [...]

Security Policies in an organization’s security system are divided into two broad categories:
1. Management’s Security Policy (or Organizational Policy)
This is the high level security policy of the whole organization. It provides management’s security goals and objectives in writing. It documents compliance and creates a security culture within the company. It establishes also the security activity/function, and [...]

In Quantitative Risk Analysis, we try to translate every information asset element into monetary value. There are three steps in Quantitative Risk Analysis:

Determine Single Loss Expectancy (SLE):
Single Loss Expectancy is a measure of the money loss that an information asset will suffer due to the activation of a threat.
SLE = Asset Value ($) x Exposure Factor [...]