E-book: CISM Certified Information Security Manager Study Guide

4.57/5 (41 ratings by Goodreads)
(University of Notre Dame)
  • Format: PDF+DRM
  • Series: Sybex Study Guide
  • Pub. Date: 21-Apr-2022
  • Publisher: Sybex Inc., U.S.
  • Language: eng
  • ISBN-13: 9781119802044
  • Price: 61,75 €*
  • * the price is final, i.e. no additional discount will apply
  • This ebook is for personal use only. E-Books are non-refundable.

DRM restrictions

  • Copying (copy/paste): not allowed
  • Printing: not allowed
  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software in order to unlock and read it. To read this e-book you have to create an Adobe ID. The ebook can be read and downloaded on up to 6 devices (single user with the same Adobe ID).

    Required software
    To read this ebook on a mobile device (phone or tablet) you'll need to install this free app: PocketBook Reader (iOS / Android).

    To download and read this eBook on a PC or Mac you need Adobe Digital Editions (a free app developed specifically for eBooks; it is not the same as Adobe Reader, which you probably already have on your computer).

    You can't read this ebook with Amazon Kindle.

Sharpen your information security skills and grab an invaluable new credential with this unbeatable study guide

As cybersecurity becomes an increasingly mission-critical issue, more and more employers and professionals are turning to ISACA's trusted and recognized Certified Information Security Manager qualification as a tried-and-true indicator of information security management expertise.

In Wiley's Certified Information Security Manager (CISM) Study Guide, you'll get the information you need to succeed on the demanding CISM exam. You'll also develop the IT security skills and confidence you need to prove yourself where it really counts: on the job.

Chapters are organized intuitively and by exam objective so you can easily keep track of what you've covered and what you still need to study. You'll also get access to a pre-assessment, so you can find out where you stand before you take your studies further.

Sharpen your skills with Exam Essentials and chapter review questions with detailed explanations in all four of the CISM exam domains: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management.

In this essential resource, you'll also:

  • Grab a head start to an in-demand certification used across the information security industry
  • Expand your career opportunities to include rewarding and challenging new roles only accessible to those with a CISM credential
  • Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Perfect for anyone prepping for the challenging CISM exam or looking for a new role in the information security field, the Certified Information Security Manager (CISM) Study Guide is an indispensable resource that will put you on the fast track to success on the test and in your next job.

Introduction xxi
Assessment Test xxxii

Chapter 1 Today's Information Security Manager 1(30)
  Information Security Objectives 2(1)
  Role of the Information Security Manager 3(5)
    Chief Information Security Officer 4(1)
    Lines of Authority 4(1)
    Organizing the Security Team 5(2)
    Roles and Responsibilities 7(1)
  Information Security Risks 8(4)
    The DAD Triad 8(1)
    Incident Impact 9(3)
  Building an Information Security Strategy 12(8)
    Threat Research 12(1)
    SWOT Analysis 13(1)
    Gap Analysis 13(3)
    Creating SMART Goals 16(1)
    Alignment with Business Strategy 16(1)
    Leadership Support 17(1)
    Internal and External Influences 17(1)
    Cybersecurity Responsibilities 18(1)
    Communication 19(1)
    Action Plans 19(1)
  Implementing Security Controls 20(3)
    Security Control Categories 21(1)
    Security Control Types 21(2)
  Data Protection 23(2)
  Summary 25(1)
  Exam Essentials 25(2)
  Review Questions 27(4)

Chapter 2 Information Security Governance and Compliance 31(32)
  Governance 33(5)
    Corporate Governance 33(2)
    Governance, Risk, and Compliance Programs 35(1)
    Information Security Governance 35(1)
    Developing Business Cases 36(1)
    Third-Party Relationships 37(1)
  Understanding Policy Documents 38(8)
    Policies 38(2)
    Standards 40(2)
    Procedures 42(1)
    Guidelines 43(1)
    Exceptions and Compensating Controls 44(1)
    Developing Policies 45(1)
  Complying with Laws and Regulations 46(1)
  Adopting Standard Frameworks 47(9)
    COBIT 47(2)
    NIST Cybersecurity Framework 49(3)
    NIST Risk Management Framework 52(1)
    ISO Standards 53(1)
    Benchmarks and Secure Configuration Guides 54(2)
  Security Control Verification and Quality Control 56(1)
  Summary 57(1)
  Exam Essentials 57(2)
  Review Questions 59(4)

Chapter 3 Information Risk Management 63(28)
  Analyzing Risk 65(7)
    Risk Identification 66(1)
    Risk Calculation 67(1)
    Risk Assessment 68(4)
  Risk Treatment and Response 72(3)
    Risk Mitigation 73(1)
    Risk Avoidance 74(1)
    Risk Transference 74(1)
    Risk Acceptance 75(1)
  Risk Analysis 75(3)
  Disaster Recovery Planning 78(1)
    Disaster Types 78(1)
    Business Impact Analysis 79(1)
  Privacy 79(5)
    Sensitive Information Inventory 80(1)
    Information Classification 80(2)
    Data Roles and Responsibilities 82(1)
    Information Lifecycle 83(1)
    Privacy-Enhancing Technologies 83(1)
    Privacy and Data Breach Notification 84(1)
  Summary 84(1)
  Exam Essentials 85(1)
  Review Questions 86(5)

Chapter 4 Cybersecurity Threats 91(24)
  Exploring Cybersecurity Threats 92(9)
    Classifying Cybersecurity Threats 92(2)
    Threat Actors 94(5)
    Threat Vectors 99(2)
  Threat Data and Intelligence 101(8)
    Open Source Intelligence 101(3)
    Proprietary and Closed Source Intelligence 104(1)
    Assessing Threat Intelligence 105(2)
    Threat Indicator Management and Exchange 107(1)
    Public and Private Information Sharing Centers 108(1)
    Conducting Your Own Research 108(1)
  Summary 109(1)
  Exam Essentials 109(2)
  Review Questions 111(4)

Chapter 5 Information Security Program Development and Management 115(30)
  Information Security Programs 117(6)
    Establishing a New Program 117(4)
    Maintaining an Existing Program 121(2)
  Security Awareness and Training 123(2)
    User Training 123(1)
    Role-Based Training 124(1)
    Ongoing Awareness Efforts 124(1)
  Managing the Information Security Team 125(2)
    Hiring Team Members 126(1)
    Developing the Security Team 126(1)
  Managing the Security Budget 127(3)
    Organizational Budgeting 127(1)
    Fiscal Years 127(1)
    Expense Types 128(1)
    Budget Monitoring 129(1)
  Integrating Security with Other Business Functions 130(9)
    Procurement 130(3)
    Accounting 133(1)
    Human Resources 133(2)
    Information Technology 135(3)
    Audit 138(1)
  Summary 139(1)
  Exam Essentials 139(2)
  Review Questions 141(4)

Chapter 6 Security Assessment and Testing 145(36)
  Vulnerability Management 146(15)
    Identifying Scan Targets 146(2)
    Determining Scan Frequency 148(1)
    Configuring Vulnerability Scans 149(5)
    Scanner Maintenance 154(1)
    Vulnerability Scanning Tools 155(4)
    Reviewing and Interpreting Scan Reports 159(1)
    Validating Scan Results 160(1)
  Security Vulnerabilities 161(6)
    Patch Management 162(1)
    Legacy Platforms 163(1)
    Weak Configurations 164(1)
    Error Messages 164(1)
    Insecure Protocols 165(1)
    Weak Encryption 166(1)
  Penetration Testing 167(7)
    Adopting the Hacker Mindset 168(1)
    Reasons for Penetration Testing 169(1)
    Benefits of Penetration Testing 169(1)
    Penetration Test Types 170(1)
    Rules of Engagement 171(2)
    Reconnaissance 173(1)
    Running the Test 173(1)
    Cleaning Up 174(1)
  Training and Exercises 174(1)
  Summary 175(1)
  Exam Essentials 176(1)
  Review Questions 177(4)

Chapter 7 Cybersecurity Technology 181(68)
  Endpoint Security 182(4)
    Malware Prevention 183(1)
    Endpoint Detection and Response 183(1)
    Data Loss Prevention 184(1)
    Change and Configuration Management 185(1)
    Patch Management 185(1)
    System Hardening 185(1)
  Network Security 186(9)
    Network Segmentation 186(2)
    Network Device Security 188(3)
    Network Security Tools 191(4)
  Cloud Computing Security 195(17)
    Benefits of the Cloud 196(2)
    Cloud Roles 198(1)
    Cloud Service Models 198(4)
    Cloud Deployment Models 202(2)
    Shared Responsibility Model 204(3)
    Cloud Standards and Guidelines 207(1)
    Cloud Security Issues 208(2)
    Cloud Security Controls 210(2)
  Cryptography 212(11)
    Goals of Cryptography 212(2)
    Symmetric Key Algorithms 214(1)
    Asymmetric Cryptography 215(2)
    Hash Functions 217(1)
    Digital Signatures 218(1)
    Digital Certificates 219(1)
    Certificate Generation and Destruction 220(3)
  Code Security 223(11)
    Software Development Life Cycle 223(1)
    Software Development Phases 224(2)
    Software Development Models 226(3)
    DevSecOps and DevOps 229(1)
    Code Review 230(2)
    Software Security Testing 232(2)
  Identity and Access Management 234(6)
    Identification, Authentication, and Authorization 234(1)
    Authentication Techniques 235(2)
    Authentication Errors 237(1)
    Single-Sign On and Federation 238(1)
    Provisioning and Deprovisioning 238(1)
    Account Monitoring 239(1)
  Summary 240(1)
  Exam Essentials 241(3)
  Review Questions 244(5)

Chapter 8 Incident Response 249(48)
  Security Incidents 251(1)
  Phases of Incident Response 252(17)
    Preparation 253(1)
    Detection and Analysis 254(1)
    Containment, Eradication, and Recovery 255(12)
    Post-Incident Activity 267(2)
  Building the Incident Response Plan 269(3)
    Policy 269(1)
    Procedures and Playbooks 270(1)
    Documenting the Incident Response Plan 270(2)
  Creating an Incident Response Team 272(1)
    Incident Response Providers 273(1)
    CSIRT Scope of Control 273(1)
  Coordination and Information Sharing 273(1)
    Internal Communications 274(1)
    External Communications 274(1)
  Classifying Incidents 274(5)
    Threat Classification 275(1)
    Severity Classification 276(3)
  Conducting Investigations 279(9)
    Investigation Types 279(3)
    Evidence 282(6)
  Plan Training, Testing, and Evaluation 288(1)
  Summary 289(1)
  Exam Essentials 290(2)
  Review Questions 292(5)

Chapter 9 Business Continuity and Disaster Recovery 297(60)
  Planning for Business Continuity 298(1)
  Project Scope and Planning 299(5)
    Organizational Review 300(1)
    BCP Team Selection 301(1)
    Resource Requirements 302(1)
    Legal and Regulatory Requirements 303(1)
  Business Impact Analysis 304(6)
    Identifying Priorities 305(1)
    Risk Identification 306(2)
    Likelihood Assessment 308(1)
    Impact Analysis 309(1)
    Resource Prioritization 310(1)
  Continuity Planning 310(3)
    Strategy Development 311(1)
    Provisions and Processes 311(2)
  Plan Approval and Implementation 313(5)
    Plan Approval 313(1)
    Plan Implementation 314(1)
    Training and Education 314(1)
    BCP Documentation 314(4)
  The Nature of Disaster 318(9)
    Natural Disasters 319(5)
    Human-Made Disasters 324(3)
  System Resilience, High Availability, and Fault Tolerance 327(4)
    Protecting Hard Drives 328(1)
    Protecting Servers 329(2)
    Protecting Power Sources 331(1)
  Recovery Strategy 331(9)
    Business Unit and Functional Priorities 332(1)
    Crisis Management 333(1)
    Emergency Communications 334(1)
    Workgroup Recovery 334(1)
    Alternate Processing Sites 334(4)
    Database Recovery 338(2)
  Recovery Plan Development 340(5)
    Emergency Response 341(1)
    Personnel and Communications 341(1)
    Assessment 342(1)
    Backups and Offsite Storage 342(3)
    Utilities 345(1)
    Logistics and Supplies 345(1)
  Training, Awareness, and Documentation 345(1)
  Testing and Maintenance 346(3)
    Read-Through Test 346(1)
    Structured Walk-Through 346(1)
    Simulation Test 347(1)
    Parallel Test 347(1)
    Full-Interruption Test 347(1)
    Lessons Learned 347(1)
    Maintenance 348(1)
  Summary 349(1)
  Exam Essentials 349(2)
  Review Questions 351(6)

Appendix Answers to the Review Questions 357(20)
  Chapter 1 Today's Information Security Manager 358(2)
  Chapter 2 Information Security Governance and Compliance 360(2)
  Chapter 3 Information Risk Management 362(1)
  Chapter 4 Cybersecurity Threats 363(2)
  Chapter 5 Information Security Program Development and Management 365(3)
  Chapter 6 Security Assessment and Testing 368(2)
  Chapter 7 Cybersecurity Technology 370(2)
  Chapter 8 Incident Response 372(2)
  Chapter 9 Business Continuity and Disaster Recovery 374(3)

Index 377

ABOUT THE AUTHOR

MIKE CHAPPLE, PhD, CISM, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.