Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Get in touch

Share your thoughts

Section 1: Information Security Governance

Free Chapter

Chapter 1: Information Security Governance

Introducing information security governance

Understanding governance, risk management, and compliance

Discovering the maturity model

Getting to know the information security roles and responsibilities

Finding out about the governance of third-party relationships

Obtaining commitment from senior management

Introducing the business case and the feasibility study

Understanding information security governance metrics

Summary

Chapter 2: Practical Aspects of Information Security Governance

Information security strategy and plan

Information security program

Enterprise information security architecture

Organizational structure

Record retention

Awareness and education

Summary

Section 2: Information Risk Management

Chapter 3: Overview of Information Risk Management

Risk management overview

Risk management strategy

Implementing risk management

Risk assessment and analysis methodologies

Risk assessment

Summary

Chapter 4: Practical Aspects of Information Risk Management

Information asset classification

Asset valuation

Operational risk management

Outsourcing and third-party service providers

Risk management integration with the process life cycle

Summary

Chapter 5: Procedural Aspects of Information Risk Management

Change management

Patch management

Security baseline controls

Risk monitoring and communication

Security awareness training and education

Documentation

Summary

Section 3: Information Security Program Development Management

Chapter 6: Overview of Information Security Program Development Management

Information security program management overview

Information security program objectives

Information security framework components

Defining an information security program road map

Policy, standards, and procedures

Security budget

Security program management and administrative activities

Privacy laws

Summary

Chapter 7: Information Security Infrastructure and Architecture

Information security architecture

Architecture implementation

Access control

Virtual private networks

Biometrics

Factors of authentication

Wireless network

Different attack methods

Summary

Chapter 8: Practical Aspects of Information Security Program Development Management

Cloud computing

Controls and countermeasures

Penetration testing

Security program metrics and monitoring

Summary

Chapter 9: Information Security Monitoring Tools and Techniques

Firewall types and their implementation

IDSes and IPSes

Digital signature

Elements of PKI

Asymmetric encryption

Summary

Section 4: Information Security Incident Management

Chapter 10: Overview of Information Security Incident Manager

Incident management overview

Incident response procedure

Incident management metrics and indicators

The current state of the incident response capabilities

Developing an incident response plan

Summary

Chapter 11: Practical Aspects of Information Security Incident Management

Business continuity and disaster recovery procedures

Testing incident response, BCP, and DRP

Executing response and recovery plans

Post-incident activities and investigation

Summary

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Summary

In this chapter, you have learned about the importance of assurance functions, that is, governance, risk, and compliance, and how their integration is key to effective and efficient information security management. You have also understood how organizations can use the maturity model to improve their processes. We discussed the importance of the commitment of senior management toward the security aspects of an organization.

Reading this chapter will have helped the CISM aspirant to get an overview of information security governance.

In our next topic, we will discuss the practical aspects of information security governance.

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

Related Content you might be interested in

Current Title:

Certified Information Security Manager Exam Prep Guide

CISA – Certified Information Systems Auditor Study Guide

CISA – Certified Information Systems Auditor Study Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Summary