Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.

Related Content you might be interested in

Current Title:

Small book image
Certified Information Security Manager Exam Prep Guide
Hemang Doshi
Nov, 2021 | 616 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Aug, 2020 | 590 pages
Small book image
CISA – Certified Information Systems Auditor Study Guide
Hemang Doshi
Jun, 2023 | 330 pages
Small book image
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
Shobhit Mehta
Sep, 2023 | 316 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Get in touch
Share your thoughts
1
Section 1: Information Security Governance
Section 1: Information Security Governance
Free Chapter
2
Chapter 1: Information Security Governance
Chapter 1: Information Security Governance
Introducing information security governance
Understanding governance, risk management, and compliance
Discovering the maturity model
Getting to know the information security roles and responsibilities
Finding out about the governance of third-party relationships
Obtaining commitment from senior management
Introducing the business case and the feasibility study
Understanding information security governance metrics
Summary
3
Chapter 2: Practical Aspects of Information Security Governance
Chapter 2: Practical Aspects of Information Security Governance
Information security strategy and plan
Information security program
Enterprise information security architecture
Organizational structure
Record retention
Awareness and education
Summary
4
Section 2: Information Risk Management
Section 2: Information Risk Management
5
Chapter 3: Overview of Information Risk Management
Chapter 3: Overview of Information Risk Management
Risk management overview
Risk management strategy
Implementing risk management
Risk assessment and analysis methodologies
Risk assessment
Summary
6
Chapter 4: Practical Aspects of Information Risk Management
Chapter 4: Practical Aspects of Information Risk Management
Information asset classification
Asset valuation
Operational risk management
Outsourcing and third-party service providers
Risk management integration with the process life cycle
Summary
7
Chapter 5: Procedural Aspects of Information Risk Management
Chapter 5: Procedural Aspects of Information Risk Management
Change management
Patch management
Security baseline controls
Risk monitoring and communication
Security awareness training and education
Documentation
Summary
8
Section 3: Information Security Program Development Management
Section 3: Information Security Program Development Management
9
Chapter 6: Overview of Information Security Program Development Management
Chapter 6: Overview of Information Security Program Development Management
Information security program management overview
Information security program objectives
Information security framework components
Defining an information security program road map
Policy, standards, and procedures
Security budget
Security program management and administrative activities
Privacy laws
Summary
10
Chapter 7: Information Security Infrastructure and Architecture
Chapter 7: Information Security Infrastructure and Architecture
Information security architecture
Architecture implementation
Access control
Virtual private networks
Biometrics
Factors of authentication
Wireless network
Different attack methods
Summary
11
Chapter 8: Practical Aspects of Information Security Program Development Management
Chapter 8: Practical Aspects of Information Security Program Development Management
Cloud computing
Controls and countermeasures
Penetration testing
Security program metrics and monitoring
Summary
12
Chapter 9: Information Security Monitoring Tools and Techniques
Chapter 9: Information Security Monitoring Tools and Techniques
Firewall types and their implementation
IDSes and IPSes
Digital signature
Elements of PKI
Asymmetric encryption
Summary
13
Section 4: Information Security Incident Management
Section 4: Information Security Incident Management
14
Chapter 10: Overview of Information Security Incident Manager
Chapter 10: Overview of Information Security Incident Manager
Incident management overview
Incident response procedure
Incident management metrics and indicators
The current state of the incident response capabilities
Developing an incident response plan
Summary
15
Chapter 11: Practical Aspects of Information Security Incident Management
Chapter 11: Practical Aspects of Information Security Incident Management
Business continuity and disaster recovery procedures
Testing incident response, BCP, and DRP
Executing response and recovery plans
Post-incident activities and investigation
Summary
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Risk management integration with the process life cycle

The security manager should understand that risk management activities are not one-time events. Risk management is a continuous process. For effective risk management, activities related to risk management should be integrated with the process life cycle.

System development life cycle

The security manager should be aware of the following system development life cycle (SDLC) phases:

Table 4.5 – Phases of the SDLC

The security manager should be involved in all the preceding phases of the SDLC and the security requirements should be integrated into all SDLC phases. Performing risk assessments at each stage of the SDLC is the most cost-effective way to address any flaws early.

The following aspects need to be addressed during the risk assessment of the project:

  • What level of confidentiality is required for the system?
  • What level of availability is required for the system?
    • ...
Previous Section
End of Section 6
Next Section