Book Image

Certified Information Security Manager Exam Prep Guide

By : Hemang Doshi
Book Image

Certified Information Security Manager Exam Prep Guide

By: Hemang Doshi

Overview of this book

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers. This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management. By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.
Table of Contents (17 chapters)
1
Section 1: Information Security Governance
4
Section 2: Information Risk Management
8
Section 3: Information Security Program Development Management
13
Section 4: Information Security Incident Management

Security baseline controls

Baseline means basic requirements. A security baseline means a minimum basic requirement for security. The objective of implementing a security baseline throughout the organization is to ensure that controls are consistently implemented as per acceptable risk levels. The level of the baseline is set as per asset classification. For example, for critical applications it is mandatory too have at least two-factor authentication whereas for non-critical applications it is mandatory to have at least one-factor authentication. In other words, the baseline for critical applications is two-factor authentication whereas the baseline for non-critical applications is one-factor authentication.

Benefits of a security baseline

The following are the benefits of a security baseline:

  • It helps to standardize the basic security requirements throughout the organization.
  • A baseline provides a point of reference against which improvement can be measured....