Certified Information Security Manager Exam Prep Guide
eBook - ePub

Certified Information Security Manager Exam Prep Guide

Aligned with the latest edition of the CISM Review Manual to help you pass the exam with confidence

Hemang Doshi

  1. 616 pagine
  2. English
  3. ePUB (disponibile sull'app)
  4. Disponibile su iOS e Android
eBook - ePub

Certified Information Security Manager Exam Prep Guide

Aligned with the latest edition of the CISM Review Manual to help you pass the exam with confidence

Hemang Doshi

Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni

Informazioni sul libro

Pass the Certified Information Security Manager (CISM) exam and implement your organization's security strategy with ease

Key Features

  • Pass the CISM exam confidently with this step-by-step guide
  • Explore practical solutions that validate your knowledge and expertise in managing enterprise information security teams
  • Enhance your cybersecurity skills with practice questions and mock tests

Book Description

With cyber threats on the rise, IT professionals are now choosing cybersecurity as the next step to boost their career, and holding the relevant certification can prove to be a game-changer in this competitive market. CISM is one of the top-paying and most sought-after certifications by employers.

This CISM Certification Guide comprises comprehensive self-study exam content for those who want to achieve CISM certification on the first attempt. This book is a great resource for information security leaders with a pragmatic approach to challenges related to real-world case scenarios. You'll learn about the practical aspects of information security governance and information security risk management. As you advance through the chapters, you'll get to grips with information security program development and management. The book will also help you to gain a clear understanding of the procedural aspects of information security incident management.

By the end of this CISM exam book, you'll have covered everything needed to pass the CISM certification exam and have a handy, on-the-job desktop reference guide.

What you will learn

  • Understand core exam objectives to pass the CISM exam with confidence
  • Create and manage your organization's information security policies and procedures with ease
  • Broaden your knowledge of the organization's security strategy designing
  • Manage information risk to an acceptable level based on risk appetite in order to meet organizational goals and objectives
  • Find out how to monitor and control incident management procedures
  • Discover how to monitor activity relating to data classification and data access

Who this book is for

If you are an aspiring information security manager, IT auditor, chief information security officer (CISO), or risk management professional who wants to achieve certification in information security, then this book is for you. A minimum of two years' experience in the field of information technology is needed to make the most of this book. Experience in IT audit, information security, or related fields will be helpful.

Domande frequenti

Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Certified Information Security Manager Exam Prep Guide è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Certified Information Security Manager Exam Prep Guide di Hemang Doshi in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Computer Science e Cyber Security. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.

Informazioni

Editore
Packt Publishing
Anno
2021
ISBN
9781801076227
Edizione
1
Argomento
Computer Science
Categoria
Cyber Security

Section 1: Information Security Governance

This part is about the management and governance of information security. It covers 24% of the CISM certification exam.
This section contains the following chapters:
  • Chapter 1, Information Security Governance
  • Chapter 2, Practical Aspects of Information Security Governance

Chapter 1: Information Security Governance

Governance is an important aspect of the certified information security manager (CISM) exam.
In this chapter, we will cover an overview of information security governance and aim to understand the impact of good governance on the effectiveness of information security projects.
You will learn about assurance functions such as governance, risk, and compliance (GRC), and details about the various roles and responsibilities of the security function. You will also be introduced to the best practices for obtaining the commitment from the senior management of an organization toward information security.
The following topics will be covered in this chapter:
  • Introducing information security governance
  • Understanding GRC
  • Discovering the maturity model
  • Getting to know the information security roles and responsibilities
  • Finding out about the governance of third-party relationships
  • Obtaining commitment from senior management
  • Introducing the business case and the feasibility study
  • Understanding information security governance metrics
Let's dive in and discuss each one of these topics in detail.

Introducing information security governance

In simple terms, governance can be defined as a set of rules to direct, monitor, and control an organization's activities. Governance can be implemented by way of policies, standards, and procedures.
The information security governance model is primarily impacted by the complexity of an organization's structure. An organization's structure includes objectives, its vision and mission, different function units, different product lines, hierarchy structure, leadership structure, and other relevant factors. A review of organizational structure will help the security manager to understand the roles and responsibilities of information security governance, as discussed in our next topic.

The responsibility of information security governance

The responsibility for information security governance primarily resides with the board of directors and senior management. Information security governance is a subset of the overall enterprise governance. The board of directors is required to make security an important part of governance by way of monitoring key aspects of security. Senior management holds the responsibility to ensure that security aspects are integrated with business processes.
The involvement of senior management and the steering committee in discussions and in the approval of security projects indicates that the management is committed to aspects relating to security. Generally, a steering committee consists of senior officials from different departments. The role of an information security steering committee is to provide oversight on the security environment of the organization.
It is very important for a CISM aspirant to understand the steps for establishing the governance, as we will discuss in the next section.

Steps for establishing the governance

For effective governance, it should be established in a structured manner. A CISM aspirant should understand the following steps for establishing governance:
  1. First, determine the objectives of an information security program. Most often, these objectives are derived from risk management and the acceptable level of risk that you are willing to take. One example of an objective for a bank may be that the system should always be available for customers – that is, there should be zero downtime. Information security objectives must also align with and be guided by the organization's business objectives.
  2. The next step is that the information security manager develops a strategy and requirements based on these objectives. The security manager is required to conduct a gap analysis and identify the strategy to move to the desired state of security from its current state of security. The desired state of security is also termed as the security objectives. This gap analysis becomes the basis for the strategy.
  3. The final step is to create the road map and identify specific actionable steps to achieve the security objectives. The security manager needs to consider various factors such as time limits, resource availability, the security budget, laws and regulations, and other relevant factors.
These specific actions are implemented by way of security policies, standards, and procedures.

Governance framework

The governance framework is a structure or outline that supports the implementation of the information security strategy. They provide the best practices for a structured security program. Frameworks are a flexible structure that any organization can adopt as per their environment and its requirements. Governance frameworks such as COBIT and ISO 27000 are both examples of widely accepted and implemented frameworks for security governance.
Let's look a bit closer at an example of information security governance in the next section.

The aim of information security governance

Information security governance is a subset of the overall enterprise governance of an organization. The same framework should be used for both enterprise governance and information security governance for better integration between the two.
The following are the objectives of information security governance:
  • To ensure that security initiatives are aligned with the business's strategy and support organizational objectives.
  • To optimize security investments and ensure the high-value delivery of business processes.
  • To monitor the security processes to ensure that security objectives are achieved.
  • To integrate and align the activities of all assurance functions for effective and efficient security measures.
  • To ensure that residual risks are well within acceptabl...

Indice dei contenuti

  1. Certified Information Security Manager Exam Prep Guide
  2. Contributors
  3. Preface
  4. Section 1: Information Security Governance
  5. Chapter 1: Information Security Governance
  6. Chapter 2: Practical Aspects of Information Security Governance
  7. Section 2: Information Risk Management
  8. Chapter 3: Overview of Information Risk Management
  9. Chapter 4: Practical Aspects of Information Risk Management
  10. Chapter 5: Procedural Aspects of Information Risk Management
  11. Section 3: Information Security Program Development Management
  12. Chapter 6: Overview of Information Security Program Development Management
  13. Chapter 7: Information Security Infrastructure and Architecture
  14. Chapter 8: Practical Aspects of Information Security Program Development Management
  15. Chapter 9: Information Security Monitoring Tools and Techniques
  16. Section 4: Information Security Incident Management
  17. Chapter 10: Overview of Information Security Incident Manager
  18. Chapter 11: Practical Aspects of Information Security Incident Management
  19. Other Books You May Enjoy
Stili delle citazioni per Certified Information Security Manager Exam Prep Guide

APA 6 Citation

Doshi, H. (2021). Certified Information Security Manager Exam Prep Guide (1st ed.). Packt Publishing. Retrieved from https://www.perlego.com/book/3112882/certified-information-security-manager-exam-prep-guide-aligned-with-the-latest-edition-of-the-cism-review-manual-to-help-you-pass-the-exam-with-confidence-pdf (Original work published 2021)

Chicago Citation

Doshi, Hemang. (2021) 2021. Certified Information Security Manager Exam Prep Guide. 1st ed. Packt Publishing. https://www.perlego.com/book/3112882/certified-information-security-manager-exam-prep-guide-aligned-with-the-latest-edition-of-the-cism-review-manual-to-help-you-pass-the-exam-with-confidence-pdf.

Harvard Citation

Doshi, H. (2021) Certified Information Security Manager Exam Prep Guide. 1st edn. Packt Publishing. Available at: https://www.perlego.com/book/3112882/certified-information-security-manager-exam-prep-guide-aligned-with-the-latest-edition-of-the-cism-review-manual-to-help-you-pass-the-exam-with-confidence-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Doshi, Hemang. Certified Information Security Manager Exam Prep Guide. 1st ed. Packt Publishing, 2021. Web. 15 Oct. 2022.