Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.
Table of Contents (17 chapters)
1
Section 1: Information Security Governance
4
Section 2: Information Risk Management
8
Section 3: Information Security Program Development Management
13
Section 4: Information Security Incident Management

Asset valuation

Asset valuation provides a cost representation of what the organization stands to lose in the event of a major compromise. From the perspective of risk management, an asset is generally valued based on the business value and not only based on a simple acquisition or replacement cost. Business value is measured in terms of revenue loss or other potential impacts when an asset is compromised.

Determining the criticality of assets

The best way to determine the criticality of the asset is by performing a business impact analysis (BIA). A BIA determines the critical business assets by analyzing the impact of the unavailability of an asset on business objectives. In the case of a disaster, the identified critical assets are recovered and restored based on priority to minimize the damage.

To determine the business impact, two independent cost factors are to be considered. The first one is the downtime cost. Examples of downtime costs include a drop in sales, the...