Complete Guide to CISM Certification

Complete Guide to CISM Certification describes the tasks performed by information security managers and offers the necessary knowledge to manage, design, and oversee an information security program. The author explains each task and related knowledge statement, as well as applicable information security management principles, practices, and strategies. The book also covers the areas of information security governance, risk management, information security program management, information security management, and response management. With definitions and practical examples, this text is ideal for information security managers, IT auditors, and network and system administrators.

The Certified Information Security Manager®(CISM®) certification program was developed by the Information Systems Audit and Controls Association (ISACA®). It has been designed specifically for experienced information security managers and those who have information security management responsibilities. The Complete Guide to CISM® Certification examines five functional areas—security governance, risk management, information security program management, information security management, and response management. Presenting definitions of roles and responsibilities throughout the organization, this practical guide identifies information security risks. It deals with processes and technical solutions that implement the information security governance framework, focuses on the tasks necessary for the information security manager to effectively manage information security within an organization, and provides a description of various techniques the information security manager can use. The book also covers steps and solutions for responding to an incident. At the end of each key area, a quiz is offered on the materials just presented. Also included is a workbook to a thirty-question final exam. Complete Guide to CISM® Certification describes the tasks performed by information security managers and contains the necessary knowledge to manage, design, and oversee an information security program. With definitions and practical examples, this text is ideal for information security managers, IT auditors, and network and system administrators.

Information Security Governance Functional Area Overview Introduction Developing an Information Security Strategy in Support of Business Strategy and Direction Senior Management Commitment and Support Definitions of Roles and Responsibilities Obtaining Senior Management Commitment Establish Reporting Communications That Support Information Security Governance Activities Legal and Regulatory Issues Establish and Maintain Information Security Policies Ensure the Development of Procedures and Guidelines Develop Business Case and Enterprise Value Analysis Support Summary Questions Information Security Risk Management Functional Area Overview Introduction Develop a Systematic and Continuous Risk Management Process Ensure Risk Identification, Analysis, and Mitigation Activities Are Integrated Into the Life Cycle Process Apply Risk Identification and Analysis Methods Define Strategies and Prioritize Options to Mitigate Risks to Levels Acceptable to the Enterprise Report Significant Changes in Risk Knowledge Statements Summary Questions Information Security Program Management Functional Area Overview CISM® Mapping Introduction The OSI Model The TCP/IP Model IP Addressing Transmission Control Protocol (TCP) User Datagram Protocol (UDP) Internet Control Message Protocol (ICMP) CIA Triad PPPN Threats Controls Buffer Overflows versus Application Security Virtual Private Networks (VPNs) Web Server Security versus Internet Security Security Testing Summary Questions Information Security Management Functional Area Overview Introduction Information Systems Comply Ensure the Administrative Procedures for Information Systems Comply with the Enterprise’s Information Security Policy Ensure Services Outsourced Are Consistent Measure, Monitor, and Report on the Effectiveness and Efficiency of the Controls and Compliance with Information Security Policies Ensure That Information Security Is Not Compromised Throughout the Change Management Process Perform Vulnerability Assessments to Evaluate Effectiveness of Existing Controls Ensure That Noncompliance Issues and Other Variances are Resolved in a Timely Manner Information Security Awareness and Education Summary Questions Response Management Functional Area Overview CISM Mapping Introduction Threat Source Information Business Continuity Planning and Disaster Recovery Planning Incident Response Summary Questions Index