CISM Certified Information Security Manager Certification Exam Preparation Course in a Book for Passing the CISM Exam - The How To Pass on Your First Try Certification Study Guide
186 pages
English


Description

CISM certification promotes international practices and provides executive management with assurance that those earning the certificate have the required experience and knowledge to provide effective security management and consulting services.


Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential.


This self-study exam preparation guide for the CISM Certified Information Security Manager certification exam contains everything you need to test yourself and pass the exam. All exam topics are covered, and insider secrets, complete explanations of all CISM Certified Information Security Manager subjects, test tricks and tips, numerous highly realistic sample questions, and exercises designed to strengthen understanding of CISM Certified Information Security Manager concepts and prepare you for exam success on the first attempt are provided.


Put your knowledge and experience to the test. Achieve CISM certification and accelerate your career.


Can you imagine valuing a book so much that you send the author a "Thank You" letter?


Tens of thousands of people understand why this is a worldwide best-seller. Is it the author's years of experience? The endless hours of ongoing research? The interviews with those who failed the exam, to identify gaps in their knowledge? Or is it the razor-sharp focus on making sure you don't waste a single minute of your time studying any more than you absolutely have to? Actually, it's all of the above.


This book includes new exercises and sample questions never before in print. Offering numerous sample questions, critical time-saving tips plus information available nowhere else, this book will help you pass the CISM Certified Information Security Manager exam on your FIRST try.


Up to speed with the theory? Buy this. Read it. And Pass the CISM Exam.

Information

Publication date: 24 October 2012
Number of reads: 0
EAN13: 9781742441122
Language: English
File size: 1 MB

Legal information: page rental price €0.1198. This information is provided for guidance only, in accordance with the legislation in force.

Excerpt

Foreword
This Exam Preparation book is intended for those preparing for the Certified Information Security Manager certification. This book is not a replacement for completing a course. This is a study aid to assist those who have completed an accredited course and are preparing for the exam. Do not underestimate the value of your own notes and study aids. The more you have, the more prepared you will be. While it is not possible to pre-empt every question and content that may be asked in the CISM exam, this book covers the main concepts covered within the CISM discipline. Due to licensing rights, we are unable to provide the actual CISM exam. However, the study notes and sample exam questions in this book will allow you to more easily prepare for a CISM exam.
Ivanka Menken
Executive Director
The Art of Service

Copyright The Art of Service | Brisbane, Australia | Email: service@theartofservice.com | Web: http://theartofservice.com | eLearning: http://theartofservice.org | Phone: +61 (0)7 3252 2055

Write a review to receive any free eBook from our Catalogue - $99 Value!
If you recently bought this book we would love to hear from you! Benefit from receiving a free eBook from our catalogue at http://www.emereo.org/ if you write a review on Amazon (or the online store where you purchased this book) about your last purchase!
How does it work?
To post a review on Amazon, just log in to your account and click on the Create your own review button (under Customer Reviews) of the relevant product page. You can find examples of product reviews in Amazon. If you purchased from another online store, simply follow their procedures.
What happens when I submit my review?
Once you have submitted your review, send us an email at review@emereo.org with the link to your review, and the eBook you would like as our thank you from http://www.emereo.org/. Pick any book you like from the catalogue, up to $99 RRP. You will receive an email with your eBook as download link. It is that simple!
Table of Contents
Foreword   1
Table of Contents   3
1 Certified Information Security Manager   8
2 Exam Specifics   9
3 Information Security Governance   11
  3.1 Information Security Basics   11
    3.1.1 Business Goals and Objectives   11
    3.1.2 Information Security Concepts   12
    3.1.3 Information Security Strategies   14
  3.2 Information Security Governance   17
    3.2.1 Governance Concepts   18
    3.2.2 Scope and Charter of Governance   20
    3.2.3 Business Function Relationships   21
    3.2.4 Information Security Governance Framework   22
  3.3 Information Security Requirements   23
    3.3.1 Drivers for Information Security   23
    3.3.2 Budget Planning   24
    3.3.3 Regulatory Requirements   25
    3.3.4 Third Party Relationships   26
  3.4 Information Security Preparation   27
    3.4.1 International Standards   27
    3.4.2 Roles and Responsibilities   29
    3.4.3 Information Security Officer   30
    3.4.4 Policies and Objectives   32
    3.4.5 Centralized and Distributed Methods   33
4 Information Risk Management   35
  4.1 Risk Management   35
    4.1.1 Key Definitions   35
    4.1.2 Principles and Practices   36
    4.1.3 Controls and Countermeasures   36
  4.2 Information Schemas   38
    4.2.1 Information Classification   38
    4.2.2 Information Ownership   39
  4.3 Information Threats and Vulnerabilities   40
    4.3.1 Denial of Service (DoS)   41
    4.3.2 Buffer Overflows   42
    4.3.3 Mobile Code   42
    4.3.4 Malicious Software   43
    4.3.5 Password Crackers   44
    4.3.6 Spoofing/Masquerading   46
    4.3.7 Sniffers, Eavesdropping, and Tapping   48
    4.3.8 Emanations   48
    4.3.9 Shoulder Surfing   49
    4.3.10 Object Reuse   49
    4.3.11 Data Remanence   51
    4.3.12 Unauthorized Targeted Data Mining   52
    4.3.13 Dumpster Diving   53
    4.3.14 Backdoors and Trapdoors   53
    4.3.15 Theft   54
    4.3.16 Social Engineering   54
  4.4 Risk Assessments and Analysis   55
    4.4.1 General Process   55
    4.4.2 Qualitative Risk Assessments   55
    4.4.3 Quantitative Risk Assessments   56
    4.4.4 Common Security Measurements   57
    4.4.5 Assessment Methodologies   58
    4.4.6 Baseline Modeling   58
    4.4.7 Gap Analysis   59
    4.4.8 Cost Benefit Analysis   60
    4.4.9 Information Value   61
5 Information Security Program Development   63
  5.1 Security Program Concepts   63
    5.1.1 Strategies   63
    5.1.2 Program Activities   64
    5.1.3 Managing Implementation   66
  5.2 Security Controls   67
    5.2.1 Control Categories   69
    5.2.2 Administrative Controls   71
    5.2.3 Technical Controls   75
    5.2.4 Access Control Models   77
    5.2.5 Integrity Models   78
    5.2.6 Rainbow Series   78
    5.2.7 Information Technology Security Evaluation Criteria (ITSEC)   82
    5.2.8 Common Criteria   82
  5.3 Security Technologies   84
    5.3.1 Identity Management   84
    5.3.2 Access Control Technologies   87
    5.3.3 Access Control Lists   92
    5.3.4 Types of Access Control   92
    5.3.5 Authentication Devices   94
    5.3.6 Integrated Circuit Cards   96
    5.3.7 Biometrics   102
    5.3.8 Intrusion Detection Systems (IDS)   104
    5.3.9 Cryptography Methods   108
    5.3.10 Cryptography Forms   109
    5.3.11 Access Control Technologies   111
  5.4 IP Security (IPsec)   114
    5.4.1 Authentication Headers and Encapsulating Security Payload   115
    5.4.2 Internet Key Exchange (IKE)   116
    5.4.3 The IKE Process   117
    5.4.4 Methods of Encryption and Integrity   118
    5.4.5 Renegotiating Lifetimes   118
    5.4.6 Subnets and Security Associations   119
  5.5 Security Documentation   120
    5.5.1 Types of Documentation   120
    5.5.2 Security Education   122
  5.6 Compliance   124
    5.6.1 Certification and Accreditation   124
    5.6.2 Service Level Agreements   125
    5.6.3 Laws and Standards   126
    5.6.4 1996 National Information Infrastructure Protection Act   127
    5.6.5 President's Executive Order on Critical Infrastructure Protection   127
    5.6.6 USA Patriot Act of 2001   128
    5.6.7 Homeland Security Act of 2002   129
    5.6.8 Computer Fraud and Abuse Act   129
    5.6.9 Electronic Communications Privacy Act (ECPA)   130
  5.7 Security Monitoring   130
    5.7.1 Change Management   130
    5.7.2 Configuration Management   132
    5.7.3 Information Access Control   134
    5.7.4 Problem Management   136
    5.7.5 Recovery and Continuity Planning   139
    5.7.6 Continuity Planning Process   140
    5.7.7 Information Incident Management   144
    5.7.8 Managing Evidence   146
  5.8 Facilities   147
    5.8.1 Entry Points   150
    5.8.2 Defense in Depth   153
    5.8.3 Physical Security Implementation   154
6 Practice Exam   155
  6.1 Refresher "Warm Up" Questions
7 Answer Guide   172
  7.1 Answers to Questions
8 References   181
Notice of Rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.
Notice of Liability
The information in this book is distributed on an "As Is" basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.
Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
1
Certified Information Security Manager
The Certified Information Security Manager certification is for experienced information security managers and those individuals with responsibilities in information security management. The certification covers the management, design, oversight, and assessment of an enterprise's information security program using internationally accepted practices. The CISM is accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024:2003.
The exam covers the following disciplines and percentage scope:
  Information Security Governance: 23%
  Information Risk Management: 22%
  Information Security Program Development: 17%
  Information Security Program Management: 24%
  Incident Management and Response: 14%
2
Exam Specifics
CISM exams are proctored by ISACA. Registration and location information can be found on the www.isaca.org web site. The exam is administered twice a year: June and December. Exams are delivered in a secure environment, proctored, and timed. Specifics about the exam are:
  Price: See registration site
  Time Limit: 240 minutes
  Number of Questions: 200
  Question Type: Multiple Choice
  Passing Score: 450 or higher
After passing the exam, the candidate has five years to apply for certification. This is done by completing the certification application and verifying work experience. Experience required: two years in information security management. This requirement can be substituted with the achievement of one of the following:
  Certified Information Systems Auditor (CISA) certification in good standing.
  Certified Information Systems Security Professional (CISSP) certification in good standing.
  Postgraduate degree in information security or related field.
Partial credit to fulfill the requirement is possible with one of the following:
  One full year of information systems management experience.
  One full year of general security management experience.
  Skill-based security certification.