CHAPTER 2

Information Security Governance

This domain includes questions from the following topics:

• Business alignment

• Security strategy development

• Security governance

• Information security strategy development

• Resources needed to develop and execute a security strategy

• Information security metrics

The topics in this chapter represent 24 percent of the Certified Information Security Manager (CISM) examination. This chapter discusses CISM job practice 1, “Information Security Governance.”

ISACA defines this domain as follows: “Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives.”

When properly ...

Get CISM Certified Information Security Manager Practice Exams now with O’Reilly online learning.
