Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Certified Information Security Manager Exam Prep Guide
Certified Information Security Manager Exam Prep Guide

Certified Information Security Manager Exam Prep Guide: Gain the confidence to pass the CISM exam using test-oriented study material , Second Edition

eBook
€25.99 €37.99
Paperback
€47.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Certified Information Security Manager Exam Prep Guide

Information Security Strategy

Accessing the Online Content

With this book, you get unlimited access to web-based CISM exam prep tools which include practice questions, flashcards, exam tips, and more. To unlock the content, you'll need to create an account using your unique sign-up code provided with this book. Refer to the Instructions for Unlocking the Online Content section in the Preface on how to do that.

If you've already created your account using those instructions, visit this link http://packt.link/cismexamguidewebsite or scan the following QR code to quickly open the website. Once there, click the Login link in the top-right corner of the page to access the content using your credentials.

Barcode 3

In this chapter, you will explore the practical aspects of an information security strategy and understand how a well-defined strategy impacts the success of security projects. You will learn about the different aspects of what a security strategy is and understand...

Information Security Strategy and Plan

An information security strategy is a set of actions designed to ensure that an organization achieves its security objectives. This strategy includes what should be done, how it should be done, and when it should be done to achieve the security objectives.

A strategy is basically a roadmap of specific actions that must be completed to achieve any objective. Long-term and short-term plans are finalized based on the strategy adopted.

The primary objective of any security strategy is to support the business objectives, and the information security strategy should be aligned with the business objectives. The first step for an information security manager in creating a plan is to understand and evaluate the business strategy. This is essential to align the information security plan with the business strategy.

A strategy plan should include the desired level of information security. A strategy is only considered effective if the objectives...

Information Governance Frameworks and Standards

The governance framework is a structure or outline that supports the implementation of the information security strategy. It provides the best practices for a structured security program. Frameworks are flexible structures that any organization can adopt as per their environment and requirements. COBIT and ISO 27001 are two widely accepted and implemented frameworks for security governance.

The Objective of Information Security Governance

Information security governance is a subset of enterprise governance. The same framework should be used for both enterprise governance and security governance to enable better integration of one with the other.

The following are the objectives of security governance:

  • To ensure that security initiatives are aligned with the business strategy and that they support organizational objectives.
  • To optimize security investments and ensure the high-value execution of business processes...

The IT Balanced Scorecard

Figure 2.3: IT balanced scorecard

The objective of an IT balanced scorecard (IT BSC) is to establish, monitor, and evaluate IT performance in terms of (i) business contribution, (ii) future orientation, (iii) operational excellence, and (iv) user orientation.

CISM aspirants should understand the following aspects of a balanced scorecard:

  • The primary objective of an IT balanced scorecard is to optimize performance.
  • The three indicators of an IT balanced scorecard are (a) customer satisfaction, (b) internal processes, and (c) the ability to innovate.

    Note

    Though financial performance is an indicator of a generic balanced scorecard, it is not part of an IT BSC.

  • An IT BSC is the most effective means to aid the IT strategy committee and management in achieving IT governance through proper IT and business alignment. The success of an IT balanced scorecard depends upon the involvement of senior management in...

Information Security Programs

A program can be defined as a set of activities implemented in a structured manner to achieve a common objective. A security program includes various activities, such as implementing controls, raising awareness, monitoring, and reporting on controls and other related activities.

A security strategy is a guiding force for the implementation of a security program. The roadmap detailing the security implementation, i.e., procedure, resources, and timelines, is developed based on this strategy. Further, various implementation activities can be aligned and integrated on the basis of this strategy to achieve security objectives more effectively and efficiently.

An information security program should be aligned with the business objectives of the organization. The effectiveness of an information security program is determined based on its ability to address the risks impacting the business objectives.

Key Aspects from the CISM Exam Perspective

Following...

Enterprise Information Security Architecture

Figure 2.5: Security budget

Enterprise Architecture (EA) defines and documents the structure and process flow of the operations of an organization. It describes how different elements such as processes, systems, data, employees, and other infrastructure are integrated to achieve the organization's current and future objectives.

Security architecture is a subset of enterprise architecture. Its objective is to improve the security posture of the organization. Security architecture clearly defines the processes that a business performs and how those processes are executed and secured.

The first step for a security manager implementing the security strategy is to understand and evaluate the IT architecture and portfolio. Once they have a fair idea of the IT architecture, they can determine the security strategy.

Challenges in Designing the Security Architecture

While designing the security architecture...

Awareness and Education

Figure 2.7: Training for information security

End users are one of the most important stakeholders when considering the overall security strategy. Training, education, and awareness are of extreme importance to ensure that policies, standards, and procedures are appropriately followed.

Increasing the Effectiveness of Security Training

The most effective way to increase the effectiveness of training is to customize it as per the target audience and to address the systems and procedures applicable to that particular group. For example, a system developer needs to undergo an enhanced level of training that covers secure coding aspects. By contrast, data entry operators only need to be trained on security aspects related to their functions.

Key Aspects from the CISM Exam Perspective

Following are some of the key aspects from the perspective of the CISM exam:

...

Question

Governance, Risk Management, and Compliance

GRC is a term used to align and integrate the processes of governance, risk management, and compliance. GRC emphasizes that governance should be in place for effective risk management and the enforcement of compliance.

Governance, risk management, and compliance are three related aspects that help achieve organizational objectives. GRC aims to lay down operations for more effective organizational processes and avoid wasteful overlaps. Each of these three disciplines impacts the organization's technologies, people, processes, and information. If GRC activities are handled independently of each other, it may result in a considerable amount of duplication and a waste of resources. The integration of these three functions helps to streamline assurance activities by addressing overlapping and duplicated GRC activities.

Though GRC can be applied in any function of an organization, it focuses primarily on financial, IT, and legal areas...

Senior Management Commitment

For effective implementation of security governance, support and commitment from senior management is the most important prerequisite. A lack of high-level sponsorship will have an adverse impact on the effectiveness of security projects.

It is very important for the information security manager to gain support from senior management. The most effective way is to ensure that the security program continues to be aligned with, and supports, the business objectives. This is critical for promoting management support. Senior management is more concerned about the achievement of business objectives and will be keen to address all risks impacting key business objectives.

Obtaining commitment from senior managers is very important to ensure appropriate investment in information security, as you will explore in the next section.

Information Security Investment

Any investment should be able to provide value to the business. The primary driver for investment...

Business Case and Feasibility Study

A business case is a justification for a proposed project. It is prepared to justify the effort and investment in a proposed project and captures the reasoning for initiating a new project or task. Generally, the business case is a precursor to the start of any new project.

The business case is a key element in the decision-making for any project. The proposed return on investment (ROI), along with any other expected benefits, is the most important consideration for decision-making in any new project.

The first step in developing a business case is to define the need for and justification of the problem.

A feasibility study or analysis is an analysis that takes various factors into account, including economic, technical, and legal factors, to ascertain the likelihood of completing the project successfully.

A feasibility study should consider how the project will impact the organization in terms of risk, costs, and benefits. It helps...

Summary

In this chapter, you learned about the various aspects of security strategy, governance frameworks, and information security programs. You also explored in detail the benefits of increasing the effectiveness of security training. This helps the CISM aspirant understand the organization's security program and architecture.

In the next chapter, you will go through the important aspects of information risk assessment.

Revision Questions

  1. The most important consideration while developing an information security strategy is:
    1. The availability of information security resources
    2. Adherence to laws and regulations
    3. Effectiveness in mitigating risk
    4. Budget allocation for information security
  2. The objectives of information security can be best described as:
    1. The requirements of the desired state
    2. The attributes of the current state
    3. The key business processes
    4. The control objectives for loss expectations
  3. The most important factor when developing risk management strategies is:
    1. Using an industry-adopted risk assessment framework
    2. Aligning with business objectives and risk appetite
    3. Technology architecture
    4. The geographical spread of business units
  4. "Systems thinking," in terms of information security, refers to:
    1. The perspective of artificial intelligence
    2. The perspective of the whole being greater than the sum of its individual parts
    3. The perspective of supporting the business objective
    4. The perspective of governance...
Left arrow icon Right arrow icon

Key benefits

  • Use this comprehensive resource to prepare for ISACA’s CISM certification
  • Unlock free online tools including interactive practice questions, exam tips, and flashcards to effectively prepare for the CISM exam
  • Understand the theory behind information security program development and management

Description

CISM is a globally recognized and much sought-after certification in the field of IT security. This second edition of the Certified Information Security Manager Exam Prep Guide is up to date with complete coverage of the exam content through comprehensive and exam-oriented explanations of core concepts. Written in a clear, succinct manner, this book covers all four domains of the CISM Review Manual. With this book, you’ll unlock access to a powerful exam-prep platform which includes interactive practice questions, exam tips, and flashcards. The platform perfectly complements the book and even lets you bring your questions directly to the author. This mixed learning approach of exploring key concepts through the book and applying them to answer practice questions online is designed to help build your confidence in acing the CISM certification. By the end of this book, you'll have everything you need to succeed in your information security career and pass the CISM certification exam with this handy, on-the-job desktop reference guide.

Who is this book for?

If you’re an IT professional, IT security officer, or risk management executive looking to upgrade your career by passing the CISM exam, this book is for you. Basic familiarity with information security concepts is required to make the most of this book.

What you will learn

  • Understand core exam objectives to prepare for the CISM exam with confidence
  • Get to grips with detailed procedural guidelines for effective information security incident management
  • Execute information security governance in an efficient manner
  • Strengthen your preparation for the CISM exam using interactive flashcards and practice questions
  • Conceptualize complex topics through diagrams and examples
  • Find out how to integrate governance, risk management, and compliance functions

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 16, 2022
Length: 718 pages
Edition : 2nd
Language : English
ISBN-13 : 9781804617854
Category :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Dec 16, 2022
Length: 718 pages
Edition : 2nd
Language : English
ISBN-13 : 9781804617854
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 127.97
Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
€37.99
Digital Forensics and Incident Response
€41.99
Certified Information Security Manager Exam Prep Guide
€47.99
Total 127.97 Stars icon

Table of Contents

11 Chapters
Enterprise Governance Chevron down icon Chevron up icon
Information Security Strategy Chevron down icon Chevron up icon
Information Risk Assessment Chevron down icon Chevron up icon
Information Risk Response Chevron down icon Chevron up icon
Information Security Program Development Chevron down icon Chevron up icon
Information Security Program Management Chevron down icon Chevron up icon
Information Security Infrastructure and Architecture Chevron down icon Chevron up icon
Information Security Monitoring Tools and Techniques Chevron down icon Chevron up icon
Incident Management Readiness Chevron down icon Chevron up icon
Incident Management Operations Chevron down icon Chevron up icon
Answers to Practice Questions Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8
(71 Ratings)
5 star 83.1%
4 star 16.9%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Victor Esteban Lora Lorenzo Aug 31, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It is a great study resource for the CISM certification, since it has all the topics written in a simple, clear and concise way, I recommend it 100%
Amazon Verified review Amazon
Uday K. Jun 29, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I received a copy of this book for review purposes.Hemang Doshi's "Certified Information Security Manager Exam Prep Guide" is an exceptional resource for anyone preparing for the CISM exam. The book provides comprehensive coverage of the exam domains, with clear explanations and practical examples that enhance understanding. His writing style is engaging and concise, making it easy to follow along. The inclusion of real-world scenarios and practical applications adds value, allowing readers to apply their knowledge in real-life situations. The practice questions at the end of each chapter mirror the exam format and provide an excellent assessment tool. Additionally, the book offers valuable tips and strategies for exam preparation. Overall, this guide is an excellent companion for those seeking success in their CISM certification journey. Highly recommended.
Amazon Verified review Amazon
Abhinav Bhatt Aug 06, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Hemang Doshi's CISM certification prep book is an outstanding resource for anyone pursuing the Certified Information Security Manager credential. The book is meticulously organized, covering all four CISM domains with clarity and depth. Doshi's expertise in information security management is evident throughout, as he breaks down complex concepts into easily understandable sections.One of the book's greatest strengths is its practical approach. It includes real-world examples, case studies, and practice questions that not only reinforce learning but also prepare readers for the types of scenarios they will face in the exam and in their professional roles. The detailed explanations of answers help in grasping the underlying principles, ensuring that the knowledge gained is both theoretical and applicable.Moreover, the book is up-to-date with the latest CISM exam content, reflecting current industry standards and practices. Doshi's writing style is engaging and straightforward, making it accessible for readers with varying levels of experience in information security.I highly recommend Hemang Doshi's CISM prep book to anyone serious about earning their CISM certification. It's a comprehensive, well-structured, and practical guide that will undoubtedly enhance your understanding of information security management and significantly increase your chances of passing the exam.
Amazon Verified review Amazon
Henry Apr 27, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I have read his CISA book to pass my exam. It was very helpful and must have! Now that I am studying for CISM, I decided to go with this book and Q&A from ISACA. Hemang Doshi's writing is very easy to understand and to the point. I highly recommend reading this book and doing the exercises before going through the official study guide and Q&A.
Amazon Verified review Amazon
Duane Gran Feb 10, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I was invited by the authors to review the book and offer feedback. An area where many aspiring CISM candidates struggle is to put their mind in the right frame of reference. They often come from a technical background and need to think in terms of managing an accountable process, not applying a specific technical fix or control. To that end, I think this volume does a particularly good job of guiding the reader to see the bigger picture when analyzing exam questions, but ultimately in career progression the change in reference should serve readers well as they move into security management roles. That itself is the real measure and value of a book like this and I think many security managers will keep the reference handy in years to come.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.