About the Author
MIKE CHAPPLE, PhD, CISM, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.
Jacket Copy
Your personal roadmap to preparing for the Certified Information Security Manager (CISM) exam
The Certified Information Security Manager (CISM) Study Guide is your one-stop resource for complete coverage of the challenging CISM exam from ISACA. This Sybex Study Guide covers 100% of the 2022 version of the CISM domain competencies. You'll prepare for the exam with efficient and accurate content that's intuitively organized by exam objective so you can easily keep track of what you've covered.
The CISM certification is a top-tier cybersecurity management certification that signals employers that a current or aspiring cybersecurity leader is ready to take on cross-functional team management responsibilities. CISM-certified managers are well-versed in information security governance, information risk management, information security program development and management, and information security incident management. By earning this credential, cybersecurity professionals demonstrate that they're ready to move beyond individual technical responsibilities. CISM holders demonstrate quantifiable job performance improvements and salary increases.
With what you learn and prepare for using the Certified Information Security Manager (CISM) Study Guide, you'll be ready to move on to security management and leadership roles, all the way up to Chief Information Security Officer (CISO)! The included practice tests, exercises, and real-world examples will help you reinforce and retain what you've learned. The Sybex online learning environment and test bank, accessible across multiple devices, further expand your study toolkit. Get prepared for the CISM exam with Sybex.
Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:
Incident Management
Interactive learning environment
Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to:
Summary
Sharpen your information security skills and grab an invaluable new credential with this unbeatable study guide
As cybersecurity becomes an increasingly mission-critical issue, more and more employers and professionals are turning to ISACA's trusted and recognized Certified Information Security Manager qualification as a tried-and-true indicator of information security management expertise.
In Wiley's Certified Information Security Manager (CISM) Study Guide, you'll get the information you need to succeed on the demanding CISM exam. You'll also develop the IT security skills and confidence you need to prove yourself where it really counts: on the job.
Chapters are organized intuitively and by exam objective so you can easily keep track of what you've covered and what you still need to study. You'll also get access to a pre-assessment, so you can find out where you stand before you take your studies further.
Sharpen your skills with Exam Essentials and chapter review questions with detailed explanations in all four of the CISM exam domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management.
In this essential resource, you'll also:
* Grab a head start to an in-demand certification used across the information security industry
* Expand your career opportunities to include rewarding and challenging new roles only accessible to those with a CISM credential
* Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
Perfect for anyone prepping for the challenging CISM exam or looking for a new role in the information security field, the Certified Information Security Manager (CISM) Study Guide is an indispensable resource that will put you on the fast track to success on the test and in your next job.
Contents
Introduction
Assessment Test
Chapter 1 Today's Information Security Manager
Information Security Objectives
Role of the Information Security Manager
Chief Information Security Officer
Lines of Authority
Organizing the Security Team
Roles and Responsibilities
Information Security Risks
The DAD Triad
Incident Impact
Building an Information Security Strategy
Threat Research
SWOT Analysis
Gap Analysis
Creating SMART Goals
Alignment with Business Strategy
Leadership Support
Internal and External Influences
Cybersecurity Responsibilities
Communication
Action Plans
Implementing Security Controls
Security Control Categories
Security Control Types
Data Protection
Summary
Exam Essentials
Review Questions
Chapter 2 Information Security Governance and Compliance
Governance
Corporate Governance
Governance, Risk, and Compliance Programs
Information Security Governance
Developing Business Cases
Third-Party Relationships
Understanding Policy Documents
Policies
Standards
Procedures
Guidelines
Exceptions and Compensating Controls
Developing Policies
Complying with Laws and Regulations
Adopting Standard Frameworks
COBIT
NIST Cybersecurity Framework
NIST Risk Management Framework
ISO Standards
Benchmarks and Secure Configuration Guides
Security Control Verification and Quality Control
Summary
Exam Essentials
Review Questions
Chapter 3 Information Risk Management
Analyzing Risk
Risk Identification
Risk Calculation
Risk Assessment
Risk Treatment and Response
Risk Mitigation
Risk Avoidance
Risk Transference
Risk Acceptance
Risk Analysis
Disaster Recovery Planning
Disaster Types
Business Impact Analysis
Privacy
Sensitive Information Inventory
Information Classification
Data Roles and Responsibilities
Information Lifecycle
Privacy-Enhancing Technologies
Privacy and Data Breach Notification
Summary…