Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Certified Information Security Manager Exam Prep Guide

You're reading from   Certified Information Security Manager Exam Prep Guide Gain the confidence to pass the CISM exam using test-oriented study material

Arrow left icon
Product type Paperback
Published in Dec 2022
Publisher Packt
ISBN-13 9781804610633
Length 718 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Hemang Doshi Hemang Doshi
Author Profile Icon Hemang Doshi
Hemang Doshi
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Enterprise Governance FREE CHAPTER 2. Information Security Strategy 3. Information Risk Assessment 4. Information Risk Response 5. Information Security Program Development 6. Information Security Program Management 7. Information Security Infrastructure and Architecture 8. Information Security Monitoring Tools and Techniques 9. Incident Management Readiness 10. Incident Management Operations 11. Answers to Practice Questions

Online Exam-Prep Tools

With this book, you will unlock unlimited access to our online exam-prep platform (Figure 0.1). This is your place to practice everything you have learned in the book.

Figure 0.1: Online exam-prep platform

Figure 0.1: Online exam-prep platform

Sharpen your understanding of concepts with multiple sets of practice questions and interactive flashcards, accessible from all modern web browsers. If you get stuck, you can raise your concerns with the author directly through the website. Before doing that, make sure to go through the list of resolved doubts as well. These are based on questions asked by other users. Finally, go through the exam tips on the website to make sure you are wellĀ prepared.

Who This Book Is For

This book is ideal for IT risk professionals, IT auditors, CISOs, information security managers, and risk management professionals.

What This Book Covers

This book is aligned with the CISM Review Manual (16th Edition; 2022) and encompasses the following topics:

Chapter 1: Enterprise Governance provides an overview of information security governance as a whole. It covers aspects such as the importance of information security governance, the role of organizational culture in information security, and security governance metrics.

Chapter 2: Information Security Strategy discusses information security strategy and highlights areas such as security strategy development, senior management's role in anĀ organization's security strategy, and the security architecture.

Chapter 3: Information Risk Assessment covers the basic aspects of risk management and deals with the basic definition of risk and its components, risk identification, analysis and evaluation, and the security baseline.

Chapter 4: Information Risk Response covers the tools and techniques used for risk response: namely, risk avoidance, risk mitigation, risk transfer, and risk acceptance. TheĀ chapter also details change management and risk management integration with the project life cycle.

Chapter 5: Information Security Program Development explores the different procedures and techniques for developing an information security program and also deals with the information security program roadmap.

Chapter 6: Information Security Program Management discusses the basics of information security program management and covers information security program objectives, theĀ security baseline, and security awareness and training.

Chapter 7: Information Security Infrastructure and Architecture defines information security architecture and explores how to implement it effectively.

Chapter 8: Information Security Monitoring Tools and Techniques emphasizes the importance of monitoring tools and techniques and introduces some of the most commonly used and most useful ones, such as intrusion detection systems, intrusion prevention systems, and firewalls.

Chapter 9: Incident Management Readiness sets out what it means to be ready for information security incidents. It covers aspects such as incident classification, businessĀ impact analysis, and insurance.

Chapter 10: Incident Management Operations covers the implementation of business continuity and disaster recovery processes and also deals with post-incident reviewĀ practices.

How to Get the Most Out of This Book

This book is directly aligned with the CISM Review Manual (16th Edition; 2022) from ISACA. It is advisable to stick to the following steps when preparing for the CISM exam:

Step 1: Read this book from end to end.

Step 2: Go through ISACA's QAE book or database.

Step 3: Refer to ISACA's CISM Review Manual.

Step 4: Memorize key concepts using the flashcards on the website.

Step 5: Attempt the online practice question sets. Make a note of the concepts you are weak in, revisit those in the book, and re-attempt the practice questions.

Step 6: Keep repeating the practice question sets till you are able to answer all the questions in each practice set correctly within the time limit.

Step 7: Review exam tips on the website.

CISM aspirants will gain a lot of confidence if they approach their CISM preparation as per these mentioned steps.

Recorded Lectures

This book is also available in video lecture format along with 200+ exam-oriented practice questions on Udemy. Buyers of this book are entitled to 30% off on HemangĀ Doshi's recorded lectures. For a discount coupon, please write to training@hemangdoshiacademy.in.

Requirements for the Online Content

The online content includes interactive elements like practice questions, flashcards, and exam tips. For optimal experience, it is recommended that you use the latest version of a modern, desktop (or mobile) web browser such as Edge, Chrome, Safari, or Firefox.

Instructions for Unlocking the Online Content

To unlock the online content, you will need to create an account on our exam-prep website using the unique sign-up code provided in this book.

Where to find the sign-up code

You can find your unique sign-up code at the start of Chapter 5, Information Security Program Development.

Figure 0.2: Enter your name and email address in the sign-up form

Figure 0.2: Enter your name and email address in the sign-up form

  1. Create a strong alphanumeric password (2) (minimum 6 characters in length):
Figure 0.3: Create a strong password in the sign-up form

Figure 0.3: Create a strong password in the sign-up form

  1. Enter the unique sign-up code (3). Once you have entered the code, click the Sign Up button.

    Note

    You only need to input the sign-up code once. After your account is created, you will be able to access the website from any device with only your email address and password.

Figure 0.4: Enter the unique sign-up code

Figure 0.4: Enter the unique sign-up code

  1. Upon a successful sign-up, you will be redirected to the dashboard (see FigureĀ 0.5).
Figure 0.5: Online exam-prep platform dashboard

Figure 0.5: Online exam-prep platform dashboard

Going forward, you will simply need to login using your email address andĀ password.

Note

If you are facing issues signing up, reach out to customercare@packt.com.

Quick Access to the Website

If you have successfully signed up, it is recommended that you bookmark this link for quick access to the website: https://packt.link/cismexamguidewebsite. Click the Login link on the top-right corner of the page to open the login page. Use the credentials you created in Steps 2 and 3 of the Instructions for Unlocking the Online Content section above.

Alternatively, you can scan the following QR code to open the website:

Figure 0.6: QR Code for the CISM online exam-prep platform

Figure 0.6: QR Code for the CISM online exam-prep platform

CISM Syllabus ā€“ 2022

The CISM exam content was updated on June 1, 2022. There are minor changes in domain nomenclature and substantial changes in the weightage of each domain tested in the new exam. The following table presents the domains and their corresponding weightage:

Earlier Domains (Applicable up to May 31, 2022)

Updated Domains (Applicable from June 1, 2022)

Information Security Governance (24%)

Information Security Governance (17%)

Information Risk Management (30%)

Information Security Risk ManagementĀ (20%)

Information Security Program Development and Management (27%)

Information Security Program (33%)

Information Security Incident Management (19%)

Incident Management (30%)

Figure 0.7: Previous and updated domains for CISM

Candidates who have based their studies so far on the previous weightings should take careful note of the changes and adjust their preparations accordingly.

The CISM exam contains 150 questions and covers the 4 information security management areas mentioned in the preceding table in Figure 0.7.

The following are the key topics that candidates will be tested on starting from JuneĀ 1,Ā 2022:

Number

Key Domains and Topics

1

Information Security Governance

A

Enterprise Governance

1A1

Organizational Culture

1A2

Legal, Regulatory, and Contractual Requirements

1A3

Organizational Structures, Roles, and Responsibilities

B

Information Security Strategy

1B1

Information Security Strategy Development

1B2

Information Governance Frameworks and Standards

1B3

Strategic Planning (e.g., budgets, resources, and business case)

2

Information Security Risk Management

A

Information Security Risk Assessment

2A1

Emerging Risk and Threat Landscape

2A2

Vulnerability and Control Deficiency Analysis

2A3

Risk Assessment and Analysis

B

Information Security Risk Response

2B1

Risk Treatment/Risk Response Options

2B2

Risk and Control Ownership

2B3

Risk Monitoring and Reporting

3

Information Security Program

A

Information Security Program Development

3A1

Information Security Program Resources (e.g., people, tools, and technologies)

3A2

Information Asset Identification and Classification

3A3

Industry Standards and Frameworks for Information Security

3A4

Information Security Policies, Procedures, and Guidelines

3A5

Information Security Program Metrics

B

Information Security Program Management

3B1

Information Security Control Design and Selection

3B2

Information Security Control Implementation and Integrations

3B3

Information Security Control Testing and Evaluation

3B4

Information Security Awareness and Training/td>

3B5

Management of External Services (e.g., providers, suppliers, third parties, andĀ fourth parties)

3B6

Information Security Program Communications and Reporting

4

Incident Management

A

Incident Management Readiness

4A1

Incident Response Plan

4A2

Business Impact Analysis (BIA)

4A3

Business Continuity Plan (BCP)

4A4

Disaster Recovery Plan (DRP)

4A5

Incident Classification/Categorization

4A6

Incident Management Training, Testing, and Evaluation

B

Incident Management Operations

4B1

Incident Management Tools and Techniques

4B2

Incident Investigation and Evaluation

4B3

Incident Containment Methods

4B4

Incident Response Communications (e.g., reporting, notification, andĀ escalation)

4B5

Incident Eradication and Recovery

4B6

Post-Incident Review Practices

Figure 0.8: Key CISM topics

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime