Certified Information Security Manager Exam Prep Guide: Gain the confidence to pass the CISM exam using test-oriented study material, 2nd Edition
- Length: 718 pages
- Edition: 2
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2023-01-10
- ISBN-10: 1804610631
- ISBN-13: 9781804610633
Master information security fundamentals with comprehensive explanations of concepts
Purchase of the book unlocks access to web-based tools like practice questions, flashcards, and more to take your CISM prep to the next level
Key Features
- Use this comprehensive resource to prepare for ISACA’s CISM certification
- Unlock free online tools including interactive practice questions, exam tips, and flashcards to effectively prepare for the CISM exam
- Understand the theory behind information security program development and management
Book Description
CISM is a globally recognized and much sought-after certification in the field of IT security. This second edition of the Certified Information Security Manager Exam Prep Guide is up to date with complete coverage of the exam content through comprehensive and exam-oriented explanations of core concepts. Written in a clear, succinct manner, this book covers all four domains of the CISM Review Manual.
With this book, you’ll unlock access to a powerful exam-prep platform which includes interactive practice questions, exam tips, and flashcards. The platform perfectly complements the book and even lets you bring your questions directly to the author.
This mixed learning approach of exploring key concepts through the book and applying them to answer practice questions online is designed to help build your confidence in acing the CISM certification.
By the end of this book, you’ll have everything you need to succeed in your information security career and pass the CISM certification exam with this handy, on-the-job desktop reference guide.
What you will learn
- Understand core exam objectives to prepare for the CISM exam with confidence
- Get to grips with detailed procedural guidelines for effective information security incident management
- Execute information security governance in an efficient manner
- Strengthen your preparation for the CISM exam using interactive flashcards and practice questions
- Conceptualize complex topics through diagrams and examples
- Find out how to integrate governance, risk management, and compliance functions
Who This Book Is For
If you’re an IT professional, IT security officer, or risk management executive looking to upgrade your career by passing the CISM exam, this book is for you. Basic familiarity with information security concepts is required to make the most of this book.
Table of Contents
- Front matter: Certified Information Security Manager Exam Prep Guide, Second Edition; Why subscribe?; Contributors (About the author; About the reviewers; Packt is searching for authors like you)
- Preface: Online Exam-Prep Tools; Who This Book Is For; What This Book Covers; How to Get the Most Out of This Book; Recorded Lectures; Requirements for the Online Content; Instructions for Unlocking the Online Content; Quick Access to the Website; CISM Syllabus – 2022; Download a free PDF copy of this book
- Chapter 1: Enterprise Governance
  - Importance of Information Security Governance: Desired Outcomes of Good Information Security Governance; Responsibility for Information Security Governance; Steps for Establishing Governance; Governance Framework; Top-Down and Bottom-Up Approaches; Key Aspects from the CISM Exam Perspective; A Note on the Practice Questions; Practice Question Set 1
  - Organizational Culture: Acceptable Usage Policy; Ethics Training; Practice Question Set 2
  - Legal, Regulatory, and Contractual Requirements: Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Retention of Business Records: Electronic Discovery; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Organizational Structure: Board of Directors; Security Steering Committee; Reporting of Security Functions; Centralized vis-à-vis Decentralized Security Functioning; Practice Question Set 5
  - Information Security Roles and Responsibilities: RACI Chart; Board of Directors; Senior Management; Business Process Owners; Steering Committee; Chief Information Security Officer; Chief Operating Officer; Data Custodian; Communication Channel; Indicators of a Security Culture; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Maturity Model: Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Governance of Third-Party Relationships
  - Information Security Governance Metrics: The Objective of Metrics; Technical Metrics vis-à-vis Governance-Level Metrics; Characteristics of Effective Metrics; Key Aspects from the CISM Exam Perspective; Practice Question Set 8
  - Summary; Revision Questions
- Chapter 2: Information Security Strategy
  - Information Security Strategy and Plan: Information Security Policies; Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Information Governance Frameworks and Standards: The Objective of Information Security Governance; Information Security/Cybersecurity Management Frameworks; The IT Balanced Scorecard; Practice Question Set 2
  - Information Security Programs: Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Enterprise Information Security Architecture: Challenges in Designing the Security Architecture; Benefits of Security Architecture; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Awareness and Education: Increasing the Effectiveness of Security Training; Key Aspects from the CISM Exam Perspective
  - Governance, Risk Management, and Compliance: Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Senior Management Commitment: Information Security Investment; Strategic Alignment; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Business Case and Feasibility Study: Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Summary; Revision Questions
- Chapter 3: Information Risk Assessment
  - Understanding Risk: Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Differentiating Risk Identification, Risk Analysis, and Risk Evaluation: Risk Management; Risk Assessment; Risk Analysis; Risk Evaluation; Differentiating Risk Capacity, Risk Appetite, and Risk Tolerance; Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Inherent Risk and Residual Risk: Inherent Risk; Residual Risk; Differentiating between Inherent Risk and Residual Risk; Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Phases of Risk Management: Phases of Risk Management; The Outcome of a Risk Management Program; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Risk Awareness: Tailored Awareness Programs; Training Effectiveness; Awareness Training for Senior Management; Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Risk Assessment: Phases of Risk Assessment; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Risk Identification: Risk Identification Process; Conducting Interviews; Delphi Technique; Asset Identification; Asset Valuation; Aggregated and Cascading Risk; Aggregated Risk; Cascading Risk; Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Risk Analysis: Quantitative Risk Analysis; Challenges in Implementing the Quantitative Method; Qualitative Risk Analysis; Semi-Quantitative Risk Analysis; The Best Method for Risk Analysis; Annual Loss Expectancy; Value at Risk (VaR); OCTAVE; Other Risk Analysis Methods; Key Aspects from the CISM Exam Perspective; Practice Question Set 8
  - Risk Evaluation: Risk Ranking; Practice Question Set 9
  - Risk Register: Practice Question Set 10
  - Emerging Risk and the Threat Landscape: Emerging Threats; Advanced Persistent Threats; Practice Question Set 11
  - Vulnerability and Control Deficiency: Key Aspects from the CISM Exam Perspective; Practice Question Set 12
  - Security Baselines; Risk Communication; Summary
- Chapter 4: Information Risk Response
  - Risk Treatment/Risk Response Options: Risk Mitigation; Risk Sharing/Transferring; Risk Avoidance; Risk Acceptance; Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Risk Ownership and Accountability: Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Risk Monitoring and Communication: Risk Reporting; Key Risk Indicators; Reporting Significant Changes in Risk; Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Implementing Risk Management: Risk Management Process; Integrating Risk Management into Business Processes; Prioritization of Risk Response; Defining a Risk Management Framework; Defining the External and Internal Environment; Determining the Risk Management Context; Gap Analysis; Cost-Benefit Analysis; Other Kinds of Organizational Support; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Change Management: Objectives of Change Management; Approval from the System Owner; Regression Testing; Involvement of the Security Team; Preventive Controls; Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Patch Management: Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Operational Risk Management: Recovery Time Objective; Recovery Point Objective; Difference between RTO and RPO; RTO and RPO for Critical Systems; RTO, RPO, and Maintenance Costs; RTO, RPO, and Disaster Tolerance; RTO, RPO, and BIA; Service Delivery Objective; Maximum Tolerable Outage; Allowable Interruption Window; Practice Question Set 7
  - Risk Management Integration with Life Cycle: System Development Life Cycle; Key Aspects from the CISM Exam Perspective; Practice Question Set 8
  - Summary; Revision Questions
- Chapter 5: Information Security Program Development
  - Information Security Program Overview: Ideal Outcomes of an Information Security Program; Strategic Alignment; Risk Management; Value Delivery; Resource Management; Performance Management; Assurance Process Integration; The Starting Point of a Security Program; Information Security Charter; Support from Senior Management; Defense in Depth; Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Information Security Program Resources
  - Information Asset Identification and Classification: Benefits of Classification; Understanding the Steps Involved in Classification; Success Factors for the Effective Classification of Assets; Criticality, Sensitivity, and Impact Assessment; Business Dependency Assessment; Risk Analysis; Business Interruptions; Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Information Asset Valuation: Determining the Criticality of Assets; Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Industry Standards and Frameworks for Information Security: Framework – Success Factors; Some Industry-Recognized Frameworks; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Information Security Policies, Procedures, and Guidelines: Reviewing and Updating Documents; Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Defining an Information Security Program Roadmap: Gap Analysis; The Value of a Security Program; Integration of the Security Program with Other Departments; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Information Security Program Metrics: Objective of Metrics Monitoring; Attributes of Effective Metrics; Information Security Objectives and Metrics; Useful Metrics for Management; Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Summary; Revision Questions
- Chapter 6: Information Security Program Management
  - Information Security Control Design and Selection: Countermeasures; General Controls and Application-Level Controls; Control Categories; Failure Modes – Fail Closed or Fail Open; Continuous Monitoring; Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Security Baseline Controls: Developing a Security Baseline; Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Information Security Awareness and Training: Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Management of External Services and Relationships: Evaluation Criteria for Outsourcing; Steps for Outsourcing; Outsourcing – Risk Reduction Options; Provisions for Outsourcing Contracts; The Security Manager's Role in Outsourcing; Service-Level Agreements; Right-to-Audit Clause; Impact of Privacy Laws on Outsourcing; Subcontracting/Fourth Party; Compliance Responsibility; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Documentation: Information Security Program Objectives; Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Security Budget: Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Security Program Management and Administrative Activities: Information Security Team Roles and Responsibilities; External Resources; Acceptable Usage Policy; Documentation; Project Management; Program Budgeting; Plan – Do – Check – Act; Security Operations; Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Privacy Laws: Practice Question Set 8
  - Cloud Computing: Cloud Computing – Deployment Models; The Private Cloud; The Public Cloud; The Community Cloud; The Hybrid Cloud; Types of Cloud Services; Cloud Computing – the Security Manager's Role; Key Aspects from the CISM Exam Perspective; Practice Question Set 9
  - Summary; Revision Questions
- Chapter 7: Information Security Infrastructure and Architecture
  - Information Security Architecture: Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Architecture Implementation: Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Access Control: Mandatory Access Control; Discretionary Access Control; Role-Based Access Control; Degaussing (Demagnetizing); Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Virtual Private Networks: VPNs – Technical Aspects; Advantages of a VPN; VPN Security Risks; Virtual Desktop Environments; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Biometrics: Biometrics – Accuracy Measure; False Acceptance Rate; False Rejection Rate; Cross Error Rate or Equal Error Rate; Relationship between FAR and FRR; The Most Reliable Biometric Identifier; Biometric Sensitivity Tuning; Control over the Biometric Process; Types of Biometric Attacks; Practice Question Set 5
  - Factors of Authentication: Password Management; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Wireless Networks: Encryption; Enabling MAC Filtering; Disabling a Service Set Identifier; Disabling Dynamic Host Configuration Protocol; Common Attack Methods and Techniques for Wireless Networks; Rogue Access Points; Wardriving; Warwalking; Warchalking; Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Different Attack Methods for Information Security: Key Aspects from the CISM Exam Perspective; Practice Question Set 8
  - Summary; Revision Questions
- Chapter 8: Information Security Monitoring Tools and Techniques
  - Firewall Types and Implementations: Types of Firewalls; Packet filtering Router; Stateful Inspection; Circuit-Level; Application-Level; Types of Firewall Implementation; Dual-Homed Firewall; Screened Host Firewall; Screened Subnet Firewall (DMZ); Placement of Firewalls; Source Routing; Firewall Types and Their Corresponding OSI Layers; Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Intrusion Detection Systems and Intrusion Prevention Systems: Intrusion Detection Systems; Network-Based and Host-Based IDSs; Components of an IDS; Limitations of an IDS; Types of IDS; Placement of IDSs; Intrusion Prevention Systems; Difference between IDSs and IPSs; Honeypots and Honeynets; Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Digital Signatures: Steps for Creating a Digital Signature; What is a Hash or a Message Digest?; Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Public Key Infrastructure: PKI Terminology; Processes Involved in PKI; CA versus RA; Single Point of Failure; Functions of an RA; Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Cryptography: Symmetric Encryption vis-à-vis Asymmetric Encryption; Encryption Keys; The Use of Keys for Different Objectives; Confidentiality; Authentication; Non-Repudiation; Integrity; Key Aspects from the CISM Exam Perspective; Practice Question Set 5
  - Penetration Testing: Aspects to be Covered within the Scope of Penetration Testing; Types of Penetration Tests; External Testing; Internal Testing; Blind Testing; Double-Blind Testing; Targeted Testing; White Box Testing and Black Box Testing; Risks Associated with Penetration Testing; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Summary; Revision Questions
- Chapter 9: Incident Management Readiness
  - Incident Management and Incident Response Overview: The Relationship between Incident Management and Incident Response; The Objectives of Incident Management; Phases of the Incident Management Life Cycle; Phase 1 – Planning and Preparation; Phase 2 – Detection, Triage, and Investigation; Phase 3 – Containment and Recovery; Phase 4 – Post-Incident Review; Phase 5 – Incident Closure; Incident Management, Business Continuity, and Disaster Recovery; Incident Management and the Service Delivery Objective; Maximum Tolerable Outage (MTO) and Allowable Interruption Window (AIW); Key Aspects from the CISM Exam Perspective; Practice Question Set 1
  - Incident Management and Incident Response Plans: Elements of the IRP; Preparation; Identification and Triage; Containment; Eradication; Recovery; Lessons Learned; Gap Analysis; Business Impact Analysis; Goals of a BIA; Steps of a BIA; Escalation Process; Help Desk/Service Desk Process for the Identification of Incidents; Incident Management and Response Teams; Incident Notification Process; Challenges in Developing an Incident Management Plan; Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Business Continuity and Disaster Recovery Procedures: Phases of Recovery Planning; Recovery Sites; Mirrored Site; Hot Site; Warm Site; Cold Site; Mobile Site; Reciprocal Agreements; Factors Impacting Recovery Site Selection; Allowable Interruption Window; Recovery Time Objective; Recovery Point Objective; Service Delivery Objective; Maximum Tolerable Outage; Continuity of Network Services; Alternative Routing; Diverse Routing; Key Aspects from the CISM Exam Perspective; Practice Question Set 3
  - Insurance: Key Aspects from the CISM Exam Perspective; Practice Question Set 4
  - Incident Classification/Categorization: Help/Service Desk Processes for Identifying Security Incidents; Practice Question Set 5
  - Testing Incident Response, BCP, and DRP: Types of Tests; Checklist Review; Structured Walk-through; Simulation Test; Parallel Test; Full Interruption Test; Effectiveness of Tests; Category of Tests; Paper Test/Desk-based Evaluation; Preparedness Test; Full Operational Test; Recovery Test Metrics; Success Criteria for Tests; Key Aspects from the CISM Exam Perspective; Practice Question Set 6
  - Summary; Revision Questions
- Chapter 10: Incident Management Operations
  - Incident Management Tools and Technologies: Incident Management Systems; Security Information and Event Management; Endpoint Detection and Response; Extended Detection and Response; Managed Detection and Response; Personnel; Incident Response Teams; Audits; Outsourced Security Providers; Practice Question Set 1
  - Executing Response and Recovery Plans: Key Aspects from the CISM Exam Perspective; Practice Question Set 2
  - Incident Containment Methods: Practice Question Set 3
  - Incident Response Communications: Practice Question Set 4
  - Incident Eradication: Practice Question Set 5
  - Recovery: Practice Question Set 6
  - Post-Incident Activities and Investigations: Identifying the Root Cause and Taking Corrective Action; Documenting Events; Chain of Custody; Key Aspects from the CISM Exam Perspective; Practice Question Set 7
  - Incident Response Procedures: The Outcome of Incident Management; The Role of the Information Security Manager; Security Information and Event Management; Key Aspects from the CISM Exam Perspective; Practice Question Set 8
  - Incident Management Metrics and Indicators: Key Performance Indicators and Key Goal Indicators; Metrics for Incident Management; Reporting to Senior Management; The Current State of Incident Response Capabilities; History of Incidents; Threats and Vulnerabilities; Threats; Vulnerabilities
  - Summary; Revision Questions
- Answers to Practice Questions
  - Chapter 1: Enterprise Governance – Practice Question Sets 1 to 8; Revision Questions
  - Chapter 2: Information Security Strategy – Practice Question Sets 1 to 7; Revision Questions
  - Chapter 3: Information Risk Assessment – Practice Question Sets 1 to 12
  - Chapter 4: Information Risk Response – Practice Question Sets 1 to 8; Revision Questions
  - Chapter 5: Information Security Program Development – Practice Question Sets 1 to 7; Revision Questions
  - Chapter 6: Information Security Program Management – Practice Question Sets 1 to 9; Revision Questions
  - Chapter 7: Information Security Infrastructure and Architecture – Practice Question Sets 1 to 8; Revision Questions
  - Chapter 8: Information Security Monitoring Tools and Techniques – Practice Question Sets 1 to 6; Revision Questions
  - Chapter 9: Incident Management Readiness – Practice Question Sets 1 to 6; Revision Questions
  - Chapter 10: Incident Management Operations – Practice Question Sets 1 to 8; Revision Questions
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Certified Information Security Manager Exam Prep Guide: Gain the confidence to pass the CISM exam using test-oriented study material, 2nd Edition. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.