Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Aug, 2020 | 590 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Jun, 2023 | 330 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Get in touch
Share your thoughts
1
Section 1: Information Security Governance
Section 1: Information Security Governance
Free Chapter
2
Chapter 1: Information Security Governance
Chapter 1: Information Security Governance
Introducing information security governance
Understanding governance, risk management, and compliance
Discovering the maturity model
Getting to know the information security roles and responsibilities
Finding out about the governance of third-party relationships
Obtaining commitment from senior management
Introducing the business case and the feasibility study
Understanding information security governance metrics
Summary
3
Chapter 2: Practical Aspects of Information Security Governance
Chapter 2: Practical Aspects of Information Security Governance
Information security strategy and plan
Information security program
Enterprise information security architecture
Organizational structure
Record retention
Awareness and education
Summary
4
Section 2: Information Risk Management
Section 2: Information Risk Management
5
Chapter 3: Overview of Information Risk Management
Chapter 3: Overview of Information Risk Management
Risk management overview
Risk management strategy
Implementing risk management
Risk assessment and analysis methodologies
Risk assessment
Summary
6
Chapter 4: Practical Aspects of Information Risk Management
Chapter 4: Practical Aspects of Information Risk Management
Information asset classification
Asset valuation
Operational risk management
Outsourcing and third-party service providers
Risk management integration with the process life cycle
Summary
7
Chapter 5: Procedural Aspects of Information Risk Management
Chapter 5: Procedural Aspects of Information Risk Management
Change management
Patch management
Security baseline controls
Risk monitoring and communication
Security awareness training and education
Documentation
Summary
8
Section 3: Information Security Program Development Management
Section 3: Information Security Program Development Management
9
Chapter 6: Overview of Information Security Program Development Management
Chapter 6: Overview of Information Security Program Development Management
Information security program management overview
Information security program objectives
Information security framework components
Defining an information security program road map
Policy, standards, and procedures
Security budget
Security program management and administrative activities
Privacy laws
Summary
10
Chapter 7: Information Security Infrastructure and Architecture
Chapter 7: Information Security Infrastructure and Architecture
Information security architecture
Architecture implementation
Access control
Virtual private networks
Biometrics
Factors of authentication
Wireless network
Different attack methods
Summary
11
Chapter 8: Practical Aspects of Information Security Program Development Management
Chapter 8: Practical Aspects of Information Security Program Development Management
Cloud computing
Controls and countermeasures
Penetration testing
Security program metrics and monitoring
Summary
12
Chapter 9: Information Security Monitoring Tools and Techniques
Chapter 9: Information Security Monitoring Tools and Techniques
Firewall types and their implementation
IDSes and IPSes
Digital signature
Elements of PKI
Asymmetric encryption
Summary
13
Section 4: Information Security Incident Management
Section 4: Information Security Incident Management
14
Chapter 10: Overview of Information Security Incident Manager
Chapter 10: Overview of Information Security Incident Manager
Incident management overview
Incident response procedure
Incident management metrics and indicators
The current state of the incident response capabilities
Developing an incident response plan
Summary
15
Chapter 11: Practical Aspects of Information Security Incident Management
Chapter 11: Practical Aspects of Information Security Incident Management
Business continuity and disaster recovery procedures
Testing incident response, BCP, and DRP
Executing response and recovery plans
Post-incident activities and investigation
Summary
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Risk assessment

As we discussed in the previous section, risk assessment includes the following three components:

  • Risk identification
  • Risk analysis (to determine the level of risk; that is, whether the risk is high, medium, or low)
  • Risk evaluation (to determine whether the risk is acceptable or whether risk treatment is required)

Asset identification

The first and most important step in a risk assessment process is to identify and list all the information assets and determine their value based on criticality or sensitivity. In the absence of a detailed asset inventory, you may miss out on protecting some significant assets. Assets can be in the form of people, processes, system and network components, databases, or any other factor that can have an impact on business processes. Assets aren't only tangible assets but intangible assets such as the reputation of the organization.

Asset valuation

Once all the assets have been identified, the next...

Previous Section
End of Section 6
Next Section