![Certified Information Security Manager Exam Prep Guide](https://img.perlego.com/book-covers/3112882/9781801076227_300_450.webp)
Certified Information Security Manager Exam Prep Guide
Aligned with the latest edition of the CISM Review Manual to help you pass the exam with confidence
Hemang Doshi
- 616 pages
- English
- ePUB (mobile-friendly)
- Available on iOS and Android
About this book
Pass the Certified Information Security Manager (CISM) exam and implement your organization's security strategy with ease
Key Features
- Pass the CISM exam confidently with this step-by-step guide
- Explore practical solutions that validate your knowledge and expertise in managing enterprise information security teams
- Enhance your cybersecurity skills with practice questions and mock tests
Book Description
With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers.
This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management.
By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.
What you will learn
- Understand core exam objectives to pass the CISM exam with confidence
- Create and manage your organization's information security policies and procedures with ease
- Broaden your knowledge of designing the organization's security strategy
- Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives
- Find out how to monitor and control incident management procedures
- Discover how to monitor activity relating to data classification and data access
Who this book is for
If you are an aspiring information security manager, IT auditor, chief information security officer (CISO), or risk management professional who wants to achieve certification in information security, then this book is for you. A minimum of two years' experience in the field of information technology is needed to make the most of this book. Experience in IT audit, information security, or related fields will be helpful.
Section 1: Information Security Governance
- Chapter 1, Information Security Governance
- Chapter 2, Practical Aspects of Information Security Governance
Chapter 1: Information Security Governance
- Introducing information security governance
- Understanding GRC
- Discovering the maturity model
- Getting to know the information security roles and responsibilities
- Finding out about the governance of third-party relationships
- Obtaining commitment from senior management
- Introducing the business case and the feasibility study
- Understanding information security governance metrics
Introducing information security governance
The responsibility of information security governance
Steps for establishing the governance
- First, determine the objectives of an information security program. Most often, these objectives are derived from risk management and the acceptable level of risk that you are willing to take. One example of an objective for a bank may be that the system should always be available for customers – that is, there should be zero downtime. Information security objectives must also align with and be guided by the organization's business objectives.
- The next step is for the information security manager to develop a strategy and requirements based on these objectives. The security manager is required to conduct a gap analysis and identify the strategy for moving from the current state of security to the desired state of security. The desired state of security is also termed the security objectives. This gap analysis becomes the basis for the strategy.
- The final step is to create the road map and identify specific actionable steps to achieve the security objectives. The security manager needs to consider various factors such as time limits, resource availability, the security budget, laws and regulations, and other relevant factors.
Governance framework
The aim of information security governance
- To ensure that security initiatives are aligned with the business's strategy and support organizational objectives.
- To optimize security investments and ensure the high-value delivery of business processes.
- To monitor the security processes to ensure that security objectives are achieved.
- To integrate and align the activities of all assurance functions for effective and efficient security measures.
- To ensure that residual risks are well within acceptabl...
Table of contents
- Certified Information Security Manager Exam Prep Guide
- Contributors
- Preface
- Section 1: Information Security Governance
- Chapter 1: Information Security Governance
- Chapter 2: Practical Aspects of Information Security Governance
- Section 2: Information Risk Management
- Chapter 3: Overview of Information Risk Management
- Chapter 4: Practical Aspects of Information Risk Management
- Chapter 5: Procedural Aspects of Information Risk Management
- Section 3: Information Security Program Development Management
- Chapter 6: Overview of Information Security Program Development Management
- Chapter 7: Information Security Infrastructure and Architecture
- Chapter 8: Practical Aspects of Information Security Program Development Management
- Chapter 9: Information Security Monitoring Tools and Techniques
- Section 4: Information Security Incident Management
- Chapter 10: Overview of Information Security Incident Manager
- Chapter 11: Practical Aspects of Information Security Incident Management
- Other Books You May Enjoy