Certified Information Security Manager Exam Guide: Aligned with the latest edition of the CISM Review Manual to help you pass the CISM exam with confidence
- Length: 566 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2021-12-09
- ISBN-10: 1801074100
- ISBN-13: 9781801074100
Pass the Certified Information Security Manager (CISM) exam and implement your organization’s security strategy with ease
Key Features
- Pass the CISM exam confidently with this step-by-step guide
- Explore practical solutions that validate your knowledge and expertise in managing enterprise information security teams
- Enhance your cybersecurity skills with practice questions and mock tests
Book Description
With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers.
This CISM certification guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. It is also a resource for information security leaders who want a pragmatic approach to the challenges raised by real-world scenarios. You’ll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you’ll get to grips with information security program development and management. The book will also help you gain a clear understanding of the procedural aspects of information security incident management.
By the end of this CISM exam book, you’ll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.
What you will learn
- Understand core exam objectives to pass the CISM exam with confidence
- Create and manage your organization’s information security policies and procedures with ease
- Broaden your knowledge of designing the organization’s security strategy
- Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives
- Find out how to monitor and control incident management procedures
- Discover how to monitor activity relating to data classification and data access
Who This Book Is For
If you are an aspiring information security manager, IT auditor, chief information security officer (CISO), or risk management professional who wants to achieve certification in information security, then this book is for you. A minimum of two years’ experience in the field of information technology is needed to make the most of this book. Experience in IT audit, information security, or related fields will be helpful.
Table of Contents
- Overview of Information Security Governance
- Practical Aspects of Information Security Strategy
- Overview of Risk Management
- Practical Aspects of Information Risk Management
- Procedural Aspects of Information Risk Management
- Overview of Information Security Program Development and Management
- Information Security Infrastructure and Architecture
- Practical Aspects of Information Security Program Development Management
- Information Security Monitoring Tools and Techniques
- Overview of Information Security Incident Management
- Practical Aspects of Information Security Incident Management
Detailed Table of Contents
- Certified Information Security Manager Exam Prep Guide
- Contributors
  - About the author
  - About the reviewers
- Preface
  - Who this book is for
  - What this book covers
  - To get the most out of this book
  - Download the color images
  - Get in touch
  - Share your thoughts
- Section 1: Information Security Governance
- Chapter 1: Information Security Governance
  - Introducing information security governance
    - The responsibility of information security governance
    - Governance framework
    - Key aspects from the CISM exam perspective
    - Questions
  - Understanding governance, risk management, and compliance
    - Key aspects from the CISM exam perspective
    - Questions
  - Discovering the maturity model
    - Key aspects from the CISM exam perspective
    - Questions
  - Getting to know the information security roles and responsibilities
    - Board of directors
    - Senior management
    - Business process owners
    - Steering committee
    - Chief information security officer
    - Chief operating officer
    - Data custodian
    - Communication channel
    - Indicators of a security culture
    - Key aspects from the CISM exam perspective
    - Questions
  - Finding out about the governance of third-party relationships
    - The culture of an organization
    - Compliance with laws and regulations
    - Key aspects from the CISM exam perspective
    - Questions
  - Obtaining commitment from senior management
    - Information security investment
    - Strategic alignment
    - Key aspects from the CISM exam perspective
    - Questions
  - Introducing the business case and the feasibility study
    - Feasibility analysis
    - Key aspects from the CISM exam perspective
    - Questions
  - Understanding information security governance metrics
    - The objective of metrics
    - Technical metrics vis-à-vis governance-level metrics
    - Characteristics of effective metrics
    - Key aspects from the CISM exam perspective
    - Questions
  - Summary
- Chapter 2: Practical Aspects of Information Security Governance
  - Information security strategy and plan
    - Information security policies
    - Key aspects from the CISM exam perspective
    - Practice questions
  - Information security program
    - Key aspects from the CISM exam perspective
    - Practice questions
  - Enterprise information security architecture
    - Challenges in designing security architectures
    - Benefits of security architectures
    - Key aspects from the CISM exam perspective
    - Practice questions
  - Organizational structure
    - Board of directors
    - Security steering committee
    - Reporting of the security function
    - Centralized vis-à-vis decentralized security functioning
    - Key aspects from the CISM exam perspective
    - Practice questions
  - Record retention
    - Electronic discovery
    - Key aspects from the CISM exam perspective
    - Practice questions
  - Awareness and education
    - Increasing the effectiveness of security training
    - Key aspects from the CISM exam perspective
  - Summary
- Section 2: Information Risk Management
- Chapter 3: Overview of Information Risk Management
  - Risk management overview
    - Phases of risk management
    - The outcome of the risk management program
    - Key aspects from the CISM exam's perspective
    - Questions
  - Risk management strategy
    - Risk capacity, appetite, and tolerance
    - Risk communication
    - Risk awareness
    - Tailored awareness program
    - Training effectiveness
    - Awareness training for senior management
    - Key aspects from the CISM exam's perspective
    - Questions
  - Implementing risk management
    - Risk management process
    - Integrating risk management in business processes
    - Prioritization of risk response
    - Defining a risk management framework
    - Defining the external and internal environment
    - Determining the risk management context
    - Gap analysis
    - Cost-benefit analysis
    - Other kinds of organizational support
    - Key aspects from the CISM exam's perspective
    - Questions
  - Risk assessment and analysis methodologies
    - Phases of risk assessment
    - Risk assessment
    - Asset identification
    - Asset valuation
    - Aggregated and cascading risk
    - Identifying risk
    - Threats and vulnerabilities
    - Risk, likelihood, and impact
    - Risk register
    - Risk analysis
    - Annual loss expectancy
    - Value at Risk (VaR)
    - OCTAVE
    - Other risk analysis methods
    - Evaluating risk
    - Risk ranking
    - Risk ownership and accountability
    - Risk treatment options
    - Understanding inherent risk and residual risk
    - Security baseline
    - Key aspects from the CISM exam's perspective
    - Questions
  - Summary
- Chapter 4: Practical Aspects of Information Risk Management
  - Information asset classification
    - Benefits of classification
    - Understanding the steps involved in classification
    - Success factors for effective classification
    - Criticality, sensitivity, and impact assessment
    - Business dependency assessment
    - Risk analysis
    - Business interruptions
    - Key aspects from the CISM exam's perspective
    - Questions
  - Asset valuation
    - Determining the criticality of assets
    - Key aspects from the CISM exam's perspective
    - Questions
  - Operational risk management
    - Recovery time objective (RTO)
    - Recovery point objective (RPO)
    - Difference between RTO and RPO
    - Service delivery objective (SDO)
    - Maximum tolerable outage (MTO)
    - Allowable interruption window (AIW)
    - Questions
  - Outsourcing and third-party service providers
    - Evaluation criteria for outsourcing
    - Steps for outsourcing
    - Outsourcing – risk reduction options
    - Provisions for outsourcing contracts
    - The role of the security manager in monitoring outsourced activities
    - Service-level agreement
    - Right to audit clause
    - Impact of privacy laws on outsourcing
    - Sub-contracting/fourth party
    - Compliance responsibility
    - Key aspects from the CISM exam's perspective
    - Questions
  - Risk management integration with the process life cycle
    - System development life cycle
    - Key aspects from the CISM exam's perspective
    - Questions
  - Summary
- Chapter 5: Procedural Aspects of Information Risk Management
  - Change management
    - The objective of change management
    - Approval from the system owner
    - Regression testing
    - Involvement of the security team
    - Preventive control
    - Key aspects from a CISM exam perspective
    - Questions
  - Patch management
    - Key aspects from a CISM exam perspective
    - Questions
  - Security baseline controls
    - Benefits of a security baseline
    - Developing a security baseline
    - Key aspects from a CISM exam perspective
    - Questions
  - Risk monitoring and communication
    - Risk reporting
    - Key risk indicators
    - Reporting significant changes in risk
    - Key aspects from a CISM exam perspective
    - Questions
  - Security awareness training and education
    - Key aspects from a CISM exam perspective
    - Questions
  - Documentation
  - Summary
- Section 3: Information Security Program Development Management
- Chapter 6: Overview of Information Security Program Development Management
  - Information security program management overview
    - Outcomes of an information security program
    - The starting point of a security program
    - Information security charter
    - Support from senior management
    - Defense in depth
    - Key aspects from a CISM exam perspective
    - Questions
  - Information security program objectives
    - Key aspects from a CISM exam perspective
    - Questions
  - Information security framework components
    - Framework – success factor
    - Key aspects from a CISM exam perspective
    - Questions
  - Defining an information security program road map
    - Gap analysis
    - Value of a security program
    - Security program integration with another department
    - Key aspects from a CISM exam perspective
    - Questions
  - Policy, standards, and procedures
    - Reviewing and updating documents
    - Key aspects from a CISM exam perspective
    - Questions
  - Security budget
    - Key aspects from a CISM exam perspective
    - Questions
  - Security program management and administrative activities
    - Information security team
    - Acceptable usage policy
    - Documentation
    - Project management
    - Program budgeting
    - Plan – do – check – act
    - Security operations
    - Key aspects from a CISM exam perspective
    - Questions
  - Privacy laws
    - Questions
  - Summary
- Chapter 7: Information Security Infrastructure and Architecture
  - Information security architecture
    - Key learning aspects from the CISM exam perspective
    - Questions
  - Architecture implementation
    - Key aspects from the CISM exam perspective
    - Questions
  - Access control
    - Mandatory access control
    - Discretionary access control
    - Role-based access control
    - Degaussing (demagnetizing)
    - Key aspects from the CISM exam perspective
    - Questions
  - Virtual private networks
    - VPNs – technical aspects
    - Advantages of VPNs
    - VPNs – security risks
    - Virtual desktop infrastructure environment
    - Key aspects from the CISM exam perspective
    - Questions
  - Biometrics
    - Biometrics – accuracy measure
    - Biometric sensitivity tuning
    - Control over the biometric process
    - Types of biometric attacks
    - Questions
  - Factors of authentication
    - Password management
    - Key aspects from the CISM exam perspective
    - Questions
  - Wireless network
    - Enabling encryption
    - Enabling MAC filtering
    - Disabling the SSID
    - Disabling DHCP
    - Common attack methods and techniques for a wireless network
    - Key aspects from the CISM exam perspective
    - Questions
  - Different attack methods
    - Key aspects from the CISM exam perspective
    - Questions
  - Summary
- Chapter 8: Practical Aspects of Information Security Program Development Management
  - Cloud computing
    - Cloud computing – deployment models
    - Types of cloud services
    - Cloud computing – the security manager's role
    - Key aspects from a CISM exam perspective
    - Questions
  - Controls and countermeasures
    - Countermeasures
    - General controls and application-level controls
    - Control categories
    - Failure mode – fail closed or fail open
    - Continuous monitoring
    - Key aspects from a CISM exam perspective
    - Questions
  - Penetration testing
    - Aspects to be covered within the scope of the test
    - Types of penetration tests
    - White box testing and black box testing
    - Risks associated with penetration testing
    - Key aspects from a CISM exam perspective
    - Questions
  - Security program metrics and monitoring
    - Objective of metrics
    - Monitoring
    - Attributes of effective metrics
    - Information security objectives and metrics
    - Useful metrics for management
    - Key aspects from a CISM exam perspective
    - Questions
  - Summary
- Chapter 9: Information Security Monitoring Tools and Techniques
  - Firewall types and their implementation
    - Types of firewalls
    - Types of firewall implementation
    - Placing firewalls
    - Source routing
    - Firewall and the corresponding OSI layer
    - Key aspects from the CISM exam's perspective
    - Questions
  - IDSes and IPSes
    - Intrusion detection system
    - Intrusion prevention system
    - Difference between IDS and IPS
    - Honeypots and honeynets
    - Key aspects from the CISM exam's perspective
    - Questions
  - Digital signature
    - Creating a digital signature
    - What is a hash or message digest?
    - Key aspects from the CISM exam's perspective
    - Questions
  - Elements of PKI
    - PKI terminologies
    - The process of issuing a PKI
    - CA versus RA
    - Single point of failure
    - Functions of RA
    - Key aspects from the CISM exam's perspective
    - Questions
  - Asymmetric encryption
    - Symmetric encryption vis-à-vis asymmetric encryption
    - Encryption keys
    - Using keys for different objectives
    - Key aspects from the CISM exam's perspective
    - Questions
  - Summary
- Section 4: Information Security Incident Management
- Chapter 10: Overview of Information Security Incident Management
  - Incident management overview
    - Objectives of incident management
    - Phases of the incident management life cycle
    - Incident management, business continuity, and disaster recovery
    - Incident management and service delivery objective
    - Maximum tolerable outage (MTO) and allowable interruption window (AIW)
    - Key aspects from the CISM exam’s perspective
    - Practice questions
  - Incident response procedure
    - The outcome of incident management
    - The role of the information security manager
    - Security Information and Event Management (SIEM)
    - Key aspects from the CISM exam’s perspective
    - Practice questions
  - Incident management metrics and indicators
    - Key performance indicators and key goal indicators
    - Metrics for incident management
    - Reporting to senior management
    - The current state of the incident response capabilities
    - History of incidents
    - Threats and vulnerabilities
    - Threats
    - Vulnerability
    - Developing an incident response plan
    - Elements of an IRP
    - Gap analysis
    - Business impact analysis
    - Escalation process
    - Help desk/service desk process for identifying incidents
    - Incident management and response teams
    - Incident notification process
    - Challenges in developing an incident management plan
    - Key aspects from the CISM exam’s perspective
    - Practice questions
  - Summary
- Chapter 11: Practical Aspects of Information Security Incident Management
  - Business continuity and disaster recovery procedures
    - Phases of recovery planning
    - Recovery sites
    - Continuity of network services
    - Insurance
    - Key aspects from the CISM exam's perspective
    - Practice questions
  - Testing incident response, BCP, and DRP
    - Types of test
    - Effectiveness of tests
    - Category of tests
    - Recovery test metrics
    - Success criteria for the test
    - Key aspects from the CISM exam's perspective
    - Practice questions
  - Executing response and recovery plans
    - Key aspects from the CISM exam's perspective
    - Practice questions
  - Post-incident activities and investigation
    - Identifying the root cause and corrective action
    - Documenting the event
    - Chain of custody
    - Key aspects from the CISM exam's perspective
    - Practice questions
  - Summary
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share your thoughts
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Certified Information Security Manager Exam Guide: Aligned with the latest edition of the CISM Review Manual to help you pass the CISM exam with confidence. If the full title returns no results, search for the main title only (Certified Information Security Manager Exam Guide).
3. Click the book title in the search results.
4. Click Code to download.