CISM Certified Information Security Manager Certification Exam Preparation Course in a Book for Passing the CISM Exam - The How To Pass on Your First Try Certification Study Guide - Second Edition
131 pages
English


Description

The first edition of this book and its accompanying eLearning course is regarded as a classic in its field. Now, in an expanded and updated version of The Art of Service's book, the authors once again present a step-by-step guide to getting your CISM Certificate.


CISM certification promotes international practices and provides executive management with assurance that those earning the certificate have the required experience and knowledge to provide effective security management and consulting services.


Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential.


This self-study exam preparation guide for the CISM Certified Information Security Manager certification exam contains everything you need to test yourself and pass the Exam. All Exam topics are covered and insider secrets, complete explanations of all CISM Certified Information Security Manager subjects, test tricks and tips, numerous highly realistic sample questions, and exercises designed to strengthen understanding of CISM Certified Information Security Manager concepts and prepare you for exam success on the first attempt are provided.


Put your knowledge and experience to the test. Achieve CISM certification and accelerate your career.


Can you imagine valuing a book so much that you send the author a "Thank You" letter?


Tens of thousands of people understand why this is a worldwide best-seller. Is it the authors' years of experience? The endless hours of ongoing research? The interviews with those who failed the exam, to identify gaps in their knowledge? Or is it the razor-sharp focus on making sure you don't waste a single minute of your time studying any more than you absolutely have to? Actually, it's all of the above.


This book includes new exercises and sample questions never before in print. Offering numerous sample questions, critical time-saving tips plus information available nowhere else, this book will help you pass the CISM Certified Information Security Manager exam on your FIRST try.


Up to speed with the theory? Buy this. Read it. And Pass the CISM Exam.


Considering the increasing number of IT Professionals and their Organizations who want to be actively involved in IT Security Management, this book should do at least as well as the first edition, which is a bestseller.

Information

Publication date: 24 October 2012
EAN13: 9781486456970
Language: English

Extract

1 Foreword

This Exam Preparation book is intended for those preparing for the Certified Information Security Manager certification.

This book is not a replacement for completing a course. This is a study aid to assist those who have completed an accredited course and are preparing for the exam.

Do not underestimate the value of your own notes and study aids. The more notes you have, the more prepared you will be.

While it is not possible to pre-empt every question and content that may be asked in the CISM exam, this book covers the main concepts covered within the CISM discipline.

Due to licensing rights, we are unable to provide an actual CISM Exam. However, the study notes and sample exam questions in this book will allow you to more easily prepare for a CISM exam.

Ivanka Menken
Executive Director
The Art of Service
Write a review to receive any free eBook from our Catalog - $99 Value!

If you recently bought this book we would love to hear from you! Benefit from receiving a free eBook from our catalog at http://www.emereo.org if you write a review on Amazon (or the online store where you purchased this book) about your last purchase!

How does it work?

To post a review on Amazon, just log in to your account and click on the Create your own review button (under Customer Reviews) of the relevant product page. You can find examples of product reviews in Amazon. If you purchased from another online store, simply follow their procedures.

What happens when I submit my review?

Once you have submitted your review, send us an email at review@emereo.org with the link to your review, and the eBook you would like as our thank you from http://www.emereo.org. Pick any book you like from the catalog, up to $99 RRP. You will receive an email with your eBook as a download link. It is that simple!
Notice of Rights

All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Notice of Liability

The information in this book is distributed on an "As Is" basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.

Trademarks

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
Contents

1 Foreword ... 1
2 Certified Information Security Manager ... 9
3 Exam Specifics ... 10
4 Information Security Governance ... 11
4.1 Information Security Basics ... 11
4.1.1 Business Goals and Objectives ... 11
4.1.2 Information Security Concepts ... 12
4.1.3 Information Security Strategies ... 13
4.2 Information Security Governance ... 15
4.2.1 Governance Concepts ... 16
4.2.2 Scope and Charter of Governance ... 16
4.2.3 Business Function Relationships ... 17
4.2.4 Information Security Governance Framework ... 18
4.3 Information Security Requirements ... 19
4.3.1 Drivers for Information Security ... 19
4.3.2 Budget Planning ... 19
4.3.3 Regulatory Requirements ... 20
4.3.4 Third Party Relationships ... 21
4.4 Information Security Preparation ... 22
4.4.1 International Standards ... 22
4.4.2 Roles and Responsibilities ... 23
4.4.3 Information Security Officer ... 24
4.4.4 Policies and Objectives ... 24
4.4.5 Centralized and Distributed Methods ... 25
5 Information Risk Management ... 27
5.1 Risk Management ... 27
5.1.1 Key Definitions ... 27
5.1.2 Principles and Practices ... 27
5.1.3 Controls and Countermeasures ... 28
5.2 Information Schemas ... 29
5.2.1 Information Classification ... 29
5.2.2 Information Ownership ... 30
5.3 Information Threats and Vulnerabilities ... 31
5.3.1 Denial of Service (DoS) ... 31
5.3.2 Buffer Overflows ... 32
5.3.3 Mobile Code ... 32
5.3.4 Malicious Software ... 33
5.3.5 Password Crackers ... 33
5.3.6 Spoofing/Masquerading ... 35
5.3.7 Sniffers, Eavesdropping, and Tapping ... 35
5.3.8 Emanations ... 36
5.3.9 Shoulder Surfing ... 36
5.3.10 Object Reuse ... 37
5.3.11 Data Remanence ... 37
5.3.12 Unauthorized Targeted Data Mining ... 38
5.3.13 Dumpster Diving ... 39
5.3.14 Backdoors and Trapdoors ... 39
5.3.15 Theft ... 39
5.3.16 Social Engineering ... 39
5.4 Risk Assessments and Analysis ... 41
5.4.1 General Process ... 41
5.4.2 Qualitative Risk Assessments ... 41
5.4.3 Quantitative Risk Assessments ... 42
5.4.4 Common Security Measurements ... 42
5.4.5 Assessment Methodologies ... 42
5.4.6 Baseline Modeling ... 43
5.4.7 Gap Analysis ... 43
5.4.8 Cost Benefit Analysis ... 44
5.4.9 Information Value ... 45
6 Information Security Program Development ... 46
6.1 Security Program Concepts ... 46
6.1.1 Strategies ... 46
6.1.2 Program Activities ... 47
6.1.3 Managing Implementation ... 48
6.2 Security Controls ... 49
6.2.1 Control Categories ... 50
6.2.2 Administrative Controls ... 51
6.2.3 Technical Controls ... 54
6.2.4 Access Control Models ... 55
6.2.5 Integrity Models ... 56
6.2.6 Rainbow Series ... 56
6.2.7 Information Technology Security Evaluation Criteria (ITSEC) ... 58
6.2.8 Common Criteria ... 59
6.3 Security Technologies ... 60
6.3.1 Identity Management ... 60
6.3.2 Access Control Technologies ... 62
6.3.3 Access Control Lists ... 64
6.3.4 Types of Access Control ... 65
6.3.5 Authentication Devices ... 66
6.3.6 Integrated Circuit Cards ... 67
6.3.7 Biometrics ... 70
6.3.8 Intrusion Detection Systems (IDS) ... 71
6.3.9 Cryptography Methods ... 74
6.3.10 Cryptography Forms ... 74
6.3.11 Access Control Technologies ... 76
6.4 IP Security (IPSec) ... 78
6.4.1 Authentication Headers and Encapsulating Security Payload ... 78
6.4.2 Internet Key Exchange (IKE) ... 79
6.4.3 The IKE Process ... 79
6.4.4 Methods of Encryption and Integrity ... 79
6.4.5 Renegotiating Lifetimes ... 80
6.4.6 Subnets and Security Associations ... 80
6.5 Security Documentation ... 81
6.5.1 Types of Documentation ... 81
6.5.2 Security Education ... 82
6.6 Compliance ... 84
6.6.1 Certification and Accreditation ... 84
6.6.2 Service Level Agreements ... 84
6.6.3 Laws and Standards ... 85
6.6.4 1996 National Information Infrastructure Protection Act ... 85
6.6.5 President's Executive Order on Critical Infrastructure Protection ... 86
6.6.6 USA Patriot Act of 2001 ... 86
6.6.7 Homeland Security Act of 2002 ... 86
6.6.8 Computer Fraud and Abuse Act ... 87
6.6.9 Electronic Communications Privacy Act (ECPA) ... 87
6.7 Security Monitoring ... 88
6.7.1 Change Management ... 88
6.7.2 Configuration Management ... 89
6.7.3 Information Access Control ... 90
6.7.4 Problem Management ... 91
6.7.5 Recovery and Continuity Planning ... 93
6.7.6 Continuity Planning Process ... 93
6.7.7 Information Incident Management ... 96
6.7.8 Managing Evidence ... 97
6.8 Facilities ... 98
6.8.1 Entry Points ... 99
6.8.2 Defense in Depth ... 101
6.8.3 Physical Security Implementation ... 102
7 Practice Exam ... 104
8 Answer Guide ... 118
9 References ... 125
10 Index ... 126
2 Certified Information Security Manager

The Certified Information Security Manager certification is for experienced information security managers and those individuals with responsibilities in information security management. The certification covers the management, design, oversight, and assessment of an enterprise's information security program using internationally accepted practices.

The CISM is accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024:2003.

The exam covers the following disciplines and percentage scope:
• Information Security Governance 23%
• Information Risk Management 22%
• Information Security Program Development 17%
• Information Security Program Management 24%
• Incident Management and Response 14%
3 Exam Specifics

CISM Exams are proctored by ISACA. Registration and location information can be found on the www.isaca.org website. The exam is administered twice a year in June and December.

Exams are delivered in a secure environment, proctored, and timed.

Specifics about the exam are:
• Price: See registration site
• Time Limit: 240 minutes
• # of Questions: 200
• Question Type: Multiple Choice
• Passing Score: 450 or higher

After passing the exam, the candidate has five years to apply for certification. This is done by completing the certification and verifying work experience. Two years of general work experience in the field of information security and three years' experience in information security management are required. The management requirement cannot be substituted; however, the general work experience may be substituted with the achievement of one of the following:
• Certified Information Systems Auditor (CISA) in good standing.
• Certified Information Systems Security Professional (CISSP) in good standing.
• Postgraduate degree in information security or related field.

Partial credit (one year) to fulfill the above requirement is possible with one of the following:
• One full year of information systems management experience.
• One full year of general security management experience.
• Skill-based security certification.