CISM Certified Information Security Manager. Exam Guide

Cover
CISM® Certified Information Security Manager
Title
Copyright
Dedication
ABOUT THE AUTHOR
CONTENTS AT A GLANCE
CONTENTS
ACKNOWLEDGMENTS
INTRODUCTION
Purpose of This Book
How to Use This Book
About This Second Edition
Becoming a CISM Professional
ISACA Code of Professional Ethics
The Certification Exam
Preparing for the Exam
Applying for CISM Certification
Retaining Your CISM Certification
Revocation of Certification
Living the CISM Lifestyle
Summary
PART I Information Security Governance
Enterprise Governance
Introduction to Information Security Governance
Organizational Culture
Legal, Regulatory, and Contractual Requirements
Organizational Structure, Roles, and Responsibilities
Chapter Review
Information Security Strategy
Information Security Strategy Development
Information Governance Frameworks and Standards
Strategic Planning
Chapter Review
PART II Information Security Risk Management
Information Security Risk Assessment
Emerging Risk and Threat Landscape
Vulnerability and Control Deficiency Analysis
Risk Assessment and Analysis
Chapter Review
Information Security Risk Response
Risk Treatment / Risk Response Options
Risk and Control Ownership
Risk Monitoring and Reporting
Chapter Review
PART III Information Security Risk Management
Information Security Program Development
Information Security Program Resources
Information Asset Identification and Classification
Industry Standards and Frameworks for Information Security
Information Security Policies, Procedures, and Guidelines
Information Security Program Metrics
Chapter Review
Information Security Program Management
Information Security Control Design and Selection
Information Security Control Implementation and Integrations
Information Security Control Testing and Evaluation
Information Security Awareness and Training
Management of External Services
Information Security Program Communications and Reporting
IT Service Management
Continuous Improvement
Chapter Review
PART IV Incident Management
Incident Management Readiness
Incident Response Plan
Business Impact Analysis
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Incident Classification/Categorization
Incident Management Training, Testing, and Evaluation
Chapter Review
Incident Management Operations
Incident Management Tools and Techniques
Incident Investigation and Evaluation
Incident Containment Methods
Incident Response Communications
Incident Eradication, and Recovery
Post-incident Review Practices
Chapter Review
PART V Appendix and Glossary
About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Single User License Terms and Conditions
TotalTester Online
Technical Support
GLOSSARY
INDEX