CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition, 2nd Edition

Book description

Provides 100% coverage of every objective on the 2022 CISM exam

This integrated self-study guide enables you to take the 2022 version of the challenging CISM exam with complete confidence. Written by an expert in the field, the book offers exam-focused coverage of information security governance, information risk management, information security program development and management, and information security incident management.

CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition features learning objectives, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. Special design elements throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference.

  • Features complete coverage of all 2022 CISM exam domains
  • Online content includes 300 practice questions in the customizable TotalTester™ exam engine
  • Written by a cybersecurity expert, author, and lecturer

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Part I Information Security Governance
    1. Chapter 1 Enterprise Governance
      1. Introduction to Information Security Governance
        1. Reason for Security Governance
        2. Security Governance Activities and Results
        3. Business Alignment
      2. Organizational Culture
        1. Acceptable Use Policy
        2. Ethics
      3. Legal, Regulatory, and Contractual Requirements
      4. Organizational Structure, Roles, and Responsibilities
        1. Organizational Roles
        2. Board of Directors
        3. Executive Management
        4. Security Steering Committee
        5. Business Process and Business Asset Owners
        6. Custodial Responsibilities
        7. Chief Information Security Officer
        8. Chief Privacy Officer
        9. Chief Compliance Officer
        10. Software Development
        11. Data Management
        12. Network Management
        13. Systems Management
        14. IT Operations
        15. Governance, Risk, and Compliance
        16. Business Resilience
        17. Security Operations
        18. Security Audit
        19. Service Desk
        20. Quality Assurance
        21. Other Roles
        22. General Staff
        23. Monitoring Responsibilities
      5. Chapter Review
        1. Notes
        2. Questions
        3. Answers
    2. Chapter 2 Information Security Strategy
      1. Information Security Strategy Development
        1. Strategy Objectives
        2. Strategy Participants
        3. Strategy Resources
        4. Strategy Development
        5. Strategy Constraints
      2. Information Governance Frameworks and Standards
        1. Business Model for Information Security
        2. The Zachman Framework
        3. The Open Group Architecture Framework
        4. ISO/IEC 27001
        5. NIST Cybersecurity Framework
        6. NIST Risk Management Framework
      3. Strategic Planning
        1. Roadmap Development
        2. Developing a Business Case
      4. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  11. Part II Information Security Risk Management
    1. Chapter 3 Information Security Risk Assessment
      1. Emerging Risk and Threat Landscape
        1. The Importance of Risk Management
        2. Outcomes of Risk Management
        3. Risk Objectives
        4. Risk Management Technologies
        5. Implementing a Risk Management Program
        6. The Risk Management Life Cycle
      2. Vulnerability and Control Deficiency Analysis
      3. Risk Assessment and Analysis
        1. Threat Identification
        2. Risk Identification
        3. Risk Likelihood and Impact
        4. Risk Analysis Techniques and Considerations
        5. Risk Management and Business Continuity Planning
        6. The Risk Register
        7. Integration of Risk Management into Other Processes
      4. Chapter Review
        1. Notes
        2. Questions
        3. Answers
    2. Chapter 4 Information Security Risk Response
      1. Risk Treatment / Risk Response Options
        1. Risk Mitigation
        2. Risk Transfer
        3. Risk Avoidance
        4. Risk Acceptance
        5. Evaluating Risk Response Options
        6. Costs and Benefits
        7. Residual Risk
        8. Iterative Risk Treatment
        9. Risk Appetite, Capacity, and Tolerance
        10. Legal and Regulatory Considerations
        11. The Risk Register
      2. Risk and Control Ownership
        1. Risk Ownership
        2. Control Ownership
      3. Risk Monitoring and Reporting
        1. Key Risk Indicators
        2. Training and Awareness
        3. Risk Documentation
      4. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  12. Part III Information Security Risk Management
    1. Chapter 5 Information Security Program Development
      1. Information Security Program Resources
        1. Trends
        2. Outcomes
        3. Charter
        4. Scope
        5. Information Security Processes
        6. Information Security Technologies
      2. Information Asset Identification and Classification
        1. Asset Identification and Valuation
        2. Asset Classification
        3. Asset Valuation
      3. Industry Standards and Frameworks for Information Security
        1. Control Frameworks
        2. Information Security Management Frameworks
        3. Information Security Architecture
      4. Information Security Policies, Procedures, and Guidelines
        1. Policy Development
        2. Standards
        3. Guidelines
        4. Requirements
        5. Processes and Procedures
      5. Information Security Program Metrics
        1. Types of Metrics
        2. Audiences
        3. The Security Balanced Scorecard
      6. Chapter Review
        1. Notes
        2. Questions
        3. Answers
    2. Chapter 6 Information Security Program Management
      1. Information Security Control Design and Selection
        1. Control Classification
        2. Control Objectives
        3. General Computing Controls
        4. Controls: Build Versus Buy
        5. Control Frameworks
      2. Information Security Control Implementation and Integrations
        1. Controls Development
        2. Control Implementation
        3. Security and Control Operations
      3. Information Security Control Testing and Evaluation
        1. Control Monitoring
        2. Control Reviews and Audits
      4. Information Security Awareness and Training
        1. Security Awareness Training Objectives
        2. Creating or Selecting Content for Security Awareness Training
        3. Security Awareness Training Audiences
        4. Awareness Training Communications
      5. Management of External Services
        1. Benefits of Outsourcing
        2. Risks of Outsourcing
        3. Identifying Third Parties
        4. Cloud Service Providers
        5. TPRM Life Cycle
        6. Risk Tiering and Vendor Classification
        7. Assessing Third Parties
        8. Proactive Issue Remediation
        9. Responsive Issue Remediation
        10. Security Incidents
      6. Information Security Program Communications and Reporting
        1. Security Operations
        2. Risk Management
        3. Internal Partnerships
        4. External Partnerships
        5. Compliance Management
        6. Security Awareness Training
        7. Technical Architecture
        8. Personnel Management
        9. Project and Program Management
        10. Budget
      7. IT Service Management
        1. Service Desk
        2. Incident Management
        3. Problem Management
        4. Change Management
        5. Configuration Management
        6. Release Management
        7. Service-Level Management
        8. Financial Management
        9. Capacity Management
        10. Service Continuity Management
        11. Availability Management
        12. Asset Management
      8. Continuous Improvement
      9. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  13. Part IV Incident Management
    1. Chapter 7 Incident Management Readiness
      1. Incident Response Plan
        1. Security Incident Response Overview
        2. Incident Response Plan Development
      2. Business Impact Analysis
        1. Inventory of Key Processes and Systems
        2. Statements of Impact
        3. Criticality Analysis
        4. Determine Maximum Tolerable Downtime
        5. Determine Maximum Tolerable Outage
        6. Establish Key Recovery Targets
      3. Business Continuity Plan (BCP)
        1. Business Continuity Planning
      4. Disaster Recovery Plan (DRP)
        1. Disaster Response Teams’ Roles and Responsibilities
        2. Recovery Objectives
      5. Incident Classification/Categorization
      6. Incident Management Training, Testing, and Evaluation
        1. Security Incident Response Training
        2. Business Continuity and Disaster Response Training
        3. Testing Security Incident Response Plans
        4. Testing Business Continuity and Disaster Recovery Plans
        5. Evaluating Business Continuity Planning
        6. Evaluating Disaster Recovery Planning
        7. Evaluating Security Incident Response
      7. Chapter Review
        1. Notes
        2. Questions
        3. Answers
    2. Chapter 8 Incident Management Operations
      1. Incident Management Tools and Techniques
        1. Incident Response Roles and Responsibilities
        2. Incident Response Tools and Techniques
      2. Incident Investigation and Evaluation
        1. Incident Detection
        2. Incident Initiation
        3. Incident Analysis
      3. Incident Containment Methods
      4. Incident Response Communications
        1. Crisis Management and Communications
        2. Communications in the Incident Response Plan
        3. Incident Response Metrics and Reporting
      5. Incident Eradication and Recovery
        1. Incident Eradication
        2. Incident Recovery
        3. Incident Remediation
      6. Post-incident Review Practices
        1. Closure
        2. Post-incident Review
      7. Chapter Review
        1. Notes
        2. Questions
        3. Answers
  14. Part V Appendix and Glossary
    1. Appendix About the Online Content
      1. System Requirements
      2. Your Total Seminars Training Hub Account
        1. Privacy Notice
      3. Single User License Terms and Conditions
      4. TotalTester Online
      5. Technical Support
  15. Glossary
  16. Index

Product information

  • Title: CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition, 2nd Edition
  • Author(s): Peter H. Gregory
  • Release date: October 2022
  • Publisher(s): McGraw-Hill
  • ISBN: 9781264268320