O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CISM Certified Information Security Manager All-in-One Exam Guide

Book Description

This effective study guide provides 100% coverage of every topic on the latest version of the CISM exam

Written by an information security executive consultant, experienced author, and university instructor, this highly effective integrated self-study system enables you to take the challenging CISM exam with complete confidence. CISM Certified Information Security Manager All-in-One Exam Guide covers all four exam domains developed by ISACA. You’ll find learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. “Note,” “Tip,” and “Caution” sections throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference.

Covers all exam domains, including:

•Information security governance

•Information risk management

•Information security program development and management

•Information security incident management

CD ICON

Electronic content includes:

•400 practice exam questions

•Test engine that provides full-length practice exams and customizable quizzes by exam topic

•Secured book PDF



Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Introduction
  9. Chapter 1 Becoming a CISM
    1. Benefits of CISM Certification
    2. Becoming a CISM Professional
      1. Experience Requirements
    3. ISACA Code of Professional Ethics
    4. The Certification Exam
    5. Exam Preparation
      1. Before the Exam
      2. Day of the Exam
      3. After the Exam
    6. Applying for CISM Certification
    7. Retaining Your CISM Certification
      1. Continuing Education
      2. CPE Maintenance Fees
    8. Revocation of Certification
    9. Summary
  10. Chapter 2 Information Security Governance
    1. Introduction to Information Security Governance
      1. Reason for Security Governance
      2. Security Governance Activities and Results
      3. Business Alignment
      4. Roles and Responsibilities
      5. Monitoring Responsibilities
      6. Information Security Governance Metrics
      7. The Security Balanced Scorecard
      8. Business Model for Information Security
    2. Security Strategy Development
      1. Strategy Objectives
      2. Control Frameworks
      3. Risk Objectives
      4. Strategy Resources
      5. Strategy Development
      6. Strategy Constraints
      7. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  11. Chapter 3 Information Risk Management
    1. Risk Management Concepts
      1. The Importance of Risk Management
      2. Outcomes of Risk Management
      3. Risk Management Technologies
    2. Implementing a Risk Management Program
      1. Risk Management Strategy
      2. Risk Management Frameworks
      3. Risk Management Context
      4. Gap Analyses
      5. External Support
    3. The Risk Management Life Cycle
      1. The Risk Management Process
      2. Risk Management Methodologies
      3. Asset Identification and Valuation
      4. Asset Classification
      5. Asset Valuation
      6. Threat Identification
      7. Vulnerability Identification
      8. Risk Identification
      9. Risk, Likelihood, and Impact
      10. Risk Analysis Techniques and Considerations
    4. Operational Risk Management
      1. Risk Management Objectives
      2. Risk Management and Business Continuity Planning
      3. Third-Party Risk Management
      4. The Risk Register
      5. Integration of Risk Management into Other Processes
      6. Risk Monitoring and Reporting
      7. Key Risk Indicators
      8. Training and Awareness
      9. Risk Documentation
    5. Chapter Review
      1. Notes
      2. Questions
      3. Answers
  12. Chapter 4 Information Security Program Development and Management
    1. Information Security Programs
      1. Outcomes
      2. Charter
      3. Scope
      4. Information Security Management Frameworks
      5. Defining a Road Map
      6. Information Security Architecture
    2. Security Program Management
      1. Security Governance
      2. Risk Management
      3. The Risk Management Program
      4. The Risk Management Process
      5. Risk Treatment
      6. Audits and Reviews
      7. Policy Development
      8. Third-Party Risk Management
      9. Administrative Activities
    3. Security Program Operations
      1. Event Monitoring
      2. Vulnerability Management
      3. Secure Engineering and Development
      4. Network Protection
      5. Endpoint Protection and Management
      6. Identity and Access Management
      7. Security Incident Management
      8. Security Awareness Training
      9. Managed Security Services Providers
      10. Data Security
      11. Business Continuity Planning
    4. IT Service Management
      1. Service Desk
      2. Incident Management
      3. Problem Management
      4. Change Management
      5. Configuration Management
      6. Release Management
      7. Service-Level Management
      8. Financial Management
      9. Capacity Management
      10. Service Continuity Management
      11. Availability Management
      12. Asset Management
    5. Controls
      1. Control Classification
      2. Internal Control Objectives
      3. Information Systems Control Objectives
      4. General Computing Controls
      5. Control Frameworks
      6. Controls Development
      7. Control Assessment
    6. Metrics and Monitoring
      1. Types of Metrics
      2. Audiences
    7. Continuous Improvement
    8. Chapter Review
      1. Notes
      2. Questions
      3. Answers
  13. Chapter 5 Information Security Incident Management
    1. Security Incident Response Overview
      1. Phases of Incident Response
    2. Incident Response Plan Development
      1. Objectives
      2. Maturity
      3. Resources
      4. Roles and Responsibilities
      5. Gap Analysis
      6. Plan Development
    3. Responding to Security Incidents
      1. Detection
      2. Initiation
      3. Evaluation
      4. Eradication
      5. Recovery
      6. Remediation
      7. Closure
      8. Post-incident Review
    4. Business Continuity and Disaster Recovery Planning
      1. Business Continuity Planning
      2. Disaster Recovery Planning
      3. Testing BC and DR Plans
      4. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  14. Appendix About the Download
    1. System Requirements
    2. Installing and Running Total Tester
    3. About Total Tester
    4. Technical Support
  15. Glossary
  16. Index