CISM


CISM Study Guide 2008 Edition and 120 Technical Drill Practice Questions


Contents updated on Nov 29, 2008.

According to ISACA, the Certified Information Security Manager certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. It is especially for the individual who manages, designs, oversees and/or assesses an enterprise’s information security.

The CISM focuses more on information security risk management and is sought after by both the CISA and CISSP certification communities. ISACA deliberately created the CISM to foster a better fusion of the IT audit and information security perspectives. To earn the Certified Information Security Manager (CISM) designation, you need to pass a multiple-choice exam covering the following content areas:

1. Information Security Governance
2. Information Risk Management
3. Information Security Program Development
4. Information Security Program Management
5. Incident Management and Response

Success factors in the CISM exam = 40% TECHNOLOGY + 60% BUSINESS PRACTICE. This is not the percentage of questions in each category; it is the success factor. The technology questions are easy to answer because they are mostly based on factual information. The business practice questions are different: different answers work best in different scenarios under different conditions.


Table of contents  (this product has been updated on Nov 29, 2008)

* this study guide has an approximate content page count of 275, plus practice questions.

EXAM FORMAT
ABOUT THIS BOOK
EXAM TOPICS
EXAM REGISTRATION CONTACTS
STUDY PSYCHOLOGY & EXAM TACTICS

KEY EXAM STRATEGIES
STRATEGY ONE: KEYWORD OR KEY PHRASE MATCHING.
STRATEGY TWO: CHOICES GROUPING.
STRATEGY THREE: THINK TRICKY.

SECURITY THEORIES
THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURITY MEASURES
STANDARDS AND GUIDELINES
THE SARBANES–OXLEY ACT AND THE COSO FRAMEWORK

INFORMATION SECURITY MANAGEMENT AND GOVERNANCE
IS MANAGEMENT ACTIVITIES
INFORMATION MANAGEMENT POLICY
ORGANIZATIONAL STRUCTURE AND SUPPORT
THE ROLE OF THE INFORMATION SECURITY MANAGER
IS CONTROL CLASSIFICATION
DEVISING YOUR OWN CLASSIFICATION SCHEME
ACCESS CONTROL MODELS
ACLS VERSUS CAPABILITIES
WHAT IS ORANGE BOOK, BY THE WAY?
TYPES OF ACCESS CONTROL
THE AAA CONCEPT
PRACTICAL ACCESS CONTROL MEASURES
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
IS GOVERNANCE GUIDANCE
BASIC OUTCOMES OF IS GOVERNANCE

IT STRATEGIC PLANNING
IT STRATEGIC PLANNING DEFINED

PROTECTION OF INFORMATION ASSETS THROUGH SECURITY POLICY
INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
HANDLING CLASSIFIED MATERIAL
SECURITY POLICY
SECURITY MODELS AND MODES OF OPERATIONS
EXAMPLE POLICY
EFFECTIVE SECURITY MANAGEMENT PRACTICES AND HR
OWNERSHIP & RESPONSIBILITY
CONSEQUENCES OF VIOLATIONS
EVALUATION
SECURITY AWARENESS TRAINING
CHANGE CONTROL


RISK MANAGEMENT, BCP, BIA AND RESPONSE MANAGEMENT
RISK MANAGEMENT DEFINED
THE RISK MANAGEMENT STEPS
RISK MANAGEMENT AND THE IS MANAGER
BCP DEFINED
BCP VS BPCP VS DRP
BCP PHASES
STAKEHOLDERS AND CRISIS COMMUNICATIONS
THE RISK ASSESSMENT FLOW
RISK VS THREAT AND VULNERABILITY
IDENTIFYING RISKS
LOSS CALCULATIONS
BUSINESS IMPACT ANALYSIS DEFINED
BIA GOALS AND STEPS
BIA CHECKLIST
PREPARING FOR EMERGENCY RESPONSE
RESPONDING TO INCIDENTS AND MANAGING RECOVERY
TESTING THE PLAN
USER ACCEPTANCE
PLAN MAINTENANCE
INCIDENT HANDLING

IS PROGRAM MANAGEMENT, PROJECT MANAGEMENT AND CHANGE MANAGEMENT
INFORMATION SECURITY PLAN
INFORMATION SECURITY BASELINES
PROJECT MANAGEMENT DEFINED
CHANGE MANAGEMENT DEFINED
CHANGE MANAGEMENT STRATEGIES
CHANGE MANAGEMENT VS CHANGE CONTROL
CONFIGURATION MANAGEMENT
GENERAL GUIDELINES
SYSTEM CHANGE CONTROL
SOFTWARE DEVELOPMENT PROCESSES AND MODELS

TECHNICAL READINGS

  • SECTION 1: TOPICS ON SECURITY THEORY
  • SECTION 2: TOPICS ON HACKING, ATTACKING, DEFENDING AND AUDITING
  • SECTION 3: TOPICS ON ENCRYPTION AND VPN
  • SECTION 4: TOPICS ON RESPONDING TO ATTACKS
  • SECTION 5: TOPICS ON VIRUSES

EXCELLENT PUBLIC RESOURCES

Study Guide TOC Download

120 Technical Drill Practice Questions

Basic Networking Technotes

Appendix updated 4 July 08 covering:

CMM AND CMMI
ESCROWED ENCRYPTION STANDARD (EES)
OBJECT ORIENTED DESIGN
COMPUTER FORENSICS
INCIDENT RESPONSE (IR)
HIPAA
PLATFORM FOR PRIVACY PREFERENCES PROJECT (P3P)
OECD GUIDELINES
CEI’S COMMANDMENTS OF ETHICS
THE INFOSEC ASSESSMENT METHODOLOGY (IAM)
COVERT CHANNEL ANALYSIS
COMMON CRITERIA (CC)
PHYSICAL AND ENVIRONMENTAL SECURITY
INFORMATION RETENTION & DISPOSAL PROCEDURES
BALANCED SCORECARD
BUSINESS PROCESS REENGINEERING
INTERNAL PREVENTIVE CONTROLS VERSUS COMPENSATING CONTROLS
SOFTWARE DEVELOPMENT APPROACHES: THE PROS & CONS
EMERGING PROCESSOR TECHNOLOGIES
EMERGING WIRELESS SECURITY STANDARDS
HR AND SECURITY

Appendix TOC Download

Now comes with 120 practice questions to drill you in key security technology concepts.

The Technical Drill Practice Test Module is designed to reinforce learning objectives and validate knowledge, so you know you are prepared to answer even the toughest technical questions on the CISM certification exam. You will find this module a challenging and effective tool for learning to recognize IS security threats and recommend proper security solutions.


UPGRADE Offer: Registered CBCP customers may purchase our CISM study package for the special price of USD$39. Simply forward us your CBCP email purchase receipt issued by Clickbank, and you may use this order link to place the order.


All orders come with lifetime free updates. Unless otherwise stated, delivery time for all e-book (electronic delivery) orders is 24 hours after payment confirmation. There are no shipping and handling charges for e-book delivery. Sales tax may apply depending on your location.

Copyright 2008 ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are the property of their respective owners.
