CHAPTER 4

Information Security Program Development and Management

This domain includes questions from the following topics:

• Benefits and outcomes from an information risk management perspective

• Risk assessment and risk management frameworks

• Developing a risk management strategy

• The risk management lifecycle process

• Integrating risk management into an organization’s practices and culture

• The components of a risk assessment: asset value, vulnerabilities, threats, and probability and impact of occurrence

• Risk treatment options: mitigate, accept, transfer, avoid

• The risk register

• Monitoring and reporting risk

The topics in this chapter represent 27 percent of the Certified Information Security Manager (CISM) examination. This ...

Get CISM Certified Information Security Manager Practice Exams now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.