Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.
Table of Contents (17 chapters)
1
Section 1: Information Security Governance
4
Section 2: Information Risk Management
8
Section 3: Information Security Program Development Management
13
Section 4: Information Security Incident Management

Risk management strategy

First, let's understand what a strategy is. A strategy is a plan that helps us achieve the objective. In this sense, a risk management strategy is a plan for achieving the risk management objective. The ultimate objective of any risk management program is to support the business objective by mitigating the risk to an acceptable level. Thus, the main objective of the risk management strategy is to support the business objective.

The risk management strategy should be aligned with the overall governance strategy. It should be consistent and integrated with the overall governance strategy.

Risk capacity, appetite, and tolerance

The first step of learning about risk management is understanding the following three important terms:

  • Risk capacity
  • Risk tolerance
  • Risk appetite

Let's understand the difference between risk capacity, risk appetite, and risk tolerance, as follows:

  • Risk capacity: This is the maximum...