Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Aug, 2020 | 590 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Jun, 2023 | 330 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Get in touch
Share your thoughts
1
Section 1: Information Security Governance
Section 1: Information Security Governance
Free Chapter
2
Chapter 1: Information Security Governance
Chapter 1: Information Security Governance
Introducing information security governance
Understanding governance, risk management, and compliance
Discovering the maturity model
Getting to know the information security roles and responsibilities
Finding out about the governance of third-party relationships
Obtaining commitment from senior management
Introducing the business case and the feasibility study
Understanding information security governance metrics
Summary
3
Chapter 2: Practical Aspects of Information Security Governance
Chapter 2: Practical Aspects of Information Security Governance
Information security strategy and plan
Information security program
Enterprise information security architecture
Organizational structure
Record retention
Awareness and education
Summary
4
Section 2: Information Risk Management
Section 2: Information Risk Management
5
Chapter 3: Overview of Information Risk Management
Chapter 3: Overview of Information Risk Management
Risk management overview
Risk management strategy
Implementing risk management
Risk assessment and analysis methodologies
Risk assessment
Summary
6
Chapter 4: Practical Aspects of Information Risk Management
Chapter 4: Practical Aspects of Information Risk Management
Information asset classification
Asset valuation
Operational risk management
Outsourcing and third-party service providers
Risk management integration with the process life cycle
Summary
7
Chapter 5: Procedural Aspects of Information Risk Management
Chapter 5: Procedural Aspects of Information Risk Management
Change management
Patch management
Security baseline controls
Risk monitoring and communication
Security awareness training and education
Documentation
Summary
8
Section 3: Information Security Program Development Management
Section 3: Information Security Program Development Management
9
Chapter 6: Overview of Information Security Program Development Management
Chapter 6: Overview of Information Security Program Development Management
Information security program management overview
Information security program objectives
Information security framework components
Defining an information security program road map
Policy, standards, and procedures
Security budget
Security program management and administrative activities
Privacy laws
Summary
10
Chapter 7: Information Security Infrastructure and Architecture
Chapter 7: Information Security Infrastructure and Architecture
Information security architecture
Architecture implementation
Access control
Virtual private networks
Biometrics
Factors of authentication
Wireless network
Different attack methods
Summary
11
Chapter 8: Practical Aspects of Information Security Program Development Management
Chapter 8: Practical Aspects of Information Security Program Development Management
Cloud computing
Controls and countermeasures
Penetration testing
Security program metrics and monitoring
Summary
12
Chapter 9: Information Security Monitoring Tools and Techniques
Chapter 9: Information Security Monitoring Tools and Techniques
Firewall types and their implementation
IDSes and IPSes
Digital signature
Elements of PKI
Asymmetric encryption
Summary
13
Section 4: Information Security Incident Management
Section 4: Information Security Incident Management
14
Chapter 10: Overview of Information Security Incident Manager
Chapter 10: Overview of Information Security Incident Manager
Incident management overview
Incident response procedure
Incident management metrics and indicators
The current state of the incident response capabilities
Developing an incident response plan
Summary
15
Chapter 11: Practical Aspects of Information Security Incident Management
Chapter 11: Practical Aspects of Information Security Incident Management
Business continuity and disaster recovery procedures
Testing incident response, BCP, and DRP
Executing response and recovery plans
Post-incident activities and investigation
Summary
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Penetration testing

In penetration testing, the tester uses the same techniques as used by hackers to gain access to critical systems/data. This helps the auditor to determine the security environment of the organization. Penetration testing helps to identify the risk relevant to the confidentiality, integrity, and availability of information systems. The objective of penetration testing is to verify the control environment of the organization and to take corrective action if a deficiency is noted. Penetration testing needs to be conducted only by a qualified and experienced professional.

Aspects to be covered within the scope of the test

From a risk perspective, the following aspects need to be covered within the scope of penetration testing:

  • Precise details of IP addresses need to be included in the scope of the audit. Details of the testing technique (SQL injection/DoS/DDoS/social engineering, and so on) should be provided.
  • The day and time of the attack (that...
Previous Section
End of Section 4
Next Section