CISM

• About Us • ExamPrep • Support • Opportunities • Ethics & CSR • Order • Cert Index • Printed Publications •

• EXPERT Pack • MegaPack ONE • MegaPack TWO • CISSP Specializations • CISA • CISM •

Up CISM CISA CIW Security AIT

 

 

 

CISM Study Guide 2009 Edition and 175 Practice Questions

Contents updated on 19 June, 2009.

According to ISACA, the Certified Information Security Manager certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. It is especially for the individual who manages, designs, oversees and/or assesses an enterprise’s information security.

The CISM focuses more on IS security risk management and tends to be sought after by both CISA and CISSP certification communities. ISACA deliberately created the CISM to help foster a better fusion between IT Audit and Information Security perspectives. To earn the Certified Information Systems Manager (CISM) designation, you need to pass a multiple choices exam which covers the following content areas:

1. Information Security Governance
2. Information Risk Management
3. Information Security Program Development
4. Information Security Program Management
5. Incident Management and Response         

Success factors in the CISM exam = 40% TECHNOLOGY + 60% BUSINESS PRACTICE. We are not talking about the percentage of questions here. We are talking about the success factor - the technology questions are easy to answer because they are mostly based on factual information. The business practice questions are different - different answers work best in different scenarios under different conditions.

 

Table of contents  (this product has been updated on 26 June, 2009)

* this study guide has an approximate content page count of 314, plus practice questions.
EXAM FORMAT
ABOUT THIS BOOK
EXAM TOPICS
EXAM REGISTRATION CONTACTS
STUDY PSYCHOLOGY & EXAM TACTICS

KEY EXAM STRATEGIES
STRATEGY ONE: KEYWORD OR KEY PHRASE MATCHING.
STRATEGY TWO: CHOICES GROUPING.
STRATEGY THREE: THINK TRICKY.

SECURITY THEORIES
THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURITY MEASURES
STANDARDS AND GUIDELINES
THE SARBANES–OXLEY ACT AND THE COSO FRAMEWORK

INFORMATION SECURITY MANAGEMENT AND GOVERNANCE
IS MANAGEMENT ACTIVITIES
INFORMATION MANAGEMENT POLICY
ORGANIZATIONAL STRUCTURE AND SUPPORT
THE ROLE OF THE INFORMATION SECURITY MANAGER
IS CONTROL CLASSIFICATION
DEVISING YOUR OWN CLASSIFICATION SCHEME
ACCESS CONTROL MODELS
ACLS VERSUS CAPABILITIES
WHAT IS ORANGE BOOK, BY THE WAY?
TYPES OF ACCESS CONTROL
THE AAA CONCEPT
PRACTICAL ACCESS CONTROL MEASURES
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
IS GOVERNANCE GUIDANCE
BASIC OUTCOMES OF IS GOVERNANCE

IT STRATEGIC PLANNING
IT STRATEGIC PLANNING DEFINED

PROTECTION OF INFORMATION ASSETS THROUGH SECURITY POLICY
INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
HANDLING CLASSIFIED MATERIAL
SECURITY POLICY
SECURITY MODELS AND MODES OF OPERATIONS
EXAMPLE POLICY
EFFECTIVE SECURITY MANAGEMENT PRACTICES AND HR
OWNERSHIP & RESPONSIBILITY
CONSEQUENCES OF VIOLATIONS
EVALUATION
SECURITY AWARENESS TRAINING
CHANGE CONTROL

RISK MANAGEMENT, BCP, BIA AND RESPONSE MANAGEMENT
RISK MANAGEMENT DEFINED
THE RISK MANAGEMENT STEPS
RISK MANAGEMENT AND THE IS MANAGER
BCP DEFINED
BCP VS BPCP VS DRP
BCP PHASES
STAKEHOLDERS AND CRISIS COMMUNICATIONS
THE RISK ASSESSMENT FLOW
RISK VS THREAT AND VULNERABILITY
IDENTIFYING RISKS
LOSS CALCULATIONS
BUSINESS IMPACT ANALYSIS DEFINED
BIA GOALS AND STEPS
BIA CHECKLIST
PREPARING FOR EMERGENCY RESPONSE
RESPONDING TO INCIDENTS AND MANAGING RECOVERY
TESTING THE PLAN
USER ACCEPTANCE
PLAN MAINTENANCE
INCIDENT HANDLING

IS PROGRAM MANAGEMENT, PROJECT MANAGEMENT AND CHANGE MANAGEMENT
INFORMATION SECURITY PLAN
INFORMATION SECURITY BASELINES
PROJECT MANAGEMENT DEFINED
CHANGE MANAGEMENT DEFINED
CHANGE MANAGEMENT STRATEGIES
CHANGE MANAGEMENT VS CHANGE CONTROL
CONFIGURATION MANAGEMENT
GENERAL GUIDELINES
SYSTEM CHANGE CONTROL
SOFTWARE DEVELOPMENT PROCESSES AND MODELS

SPECIAL TOPIC COVERAGE
Information Security Program Development and Management, with coverage on:

  • EISP
  • ISSP
  • SysSP
  • Combination SysSP
  • ISPME

IT Operations Management
Information Security Program and Policy Development
Policy and Program Management
Vulnerability & Patch Management
Data Storage Strategy
Environmental Controls
Imaging Technologies
ERP Security
Incident Response, with coverage on the different kinds of IRT.
Concealing hard disk data.

Baseline policy and guidelines
Planning and scoping of the assessment of risk
Methodologies for proper assessment of risk
Special notes on penetration testing
Internet Security
Firewall security
Virus security
Web server security
Name resolution security
Mail server security
RAS server security
Proxy server security
Authentication server security

Physical Site Management
Equipment and Media Management
Emergency Response
ERT Formation
ER Planning and Preparation
Coverage, goal and scope
Emergency priorities
Emergency Reporting Procedure
Emergency Escalation Procedure
Incident Monitoring

Forensic Processing
Software Testing
 

TECHNICAL READINGS

  • SECTION 1: TOPICS ON SECURITY THEORY
  • SECTION 2: TOPICS ON HACKING, ATTACKING, DEFENDING AND AUDITING
  • SECTION 3: TOPICS ON ENCRYPTION AND VPN
  • SECTION 4: TOPICS ON RESPONDING TO ATTACKS
  • SECTION 5: TOPICS ON VIRUSES

EXCELLENT PUBLIC RESOURCES

120 Technical Drill Practice Questions

55 Program and Policy Drill Questions

Basic Networking Technotes

Appendix updated 8 Dec 08 covering:

CMM AND CMMI
ESCROWED ENCRYPTION STANDARD (EES)
OBJECT ORIENTED DESIGN
COMPUTER FORENSICS
INCIDENT RESPONSE (IR)
HIPAA
PLATFORM FOR PRIVACY PREFERENCES PROJECT (P3P)
OECD GUIDELINES
CEI’S COMMANDMENTS OF ETHICS
THE INFOSEC ASSESSMENT METHODOLOGY (IAM)
COVERT CHANNEL ANALYSIS
COMMON CRITERIA (CC)
PHYSICAL AND ENVIRONMENTAL SECURITY
INFORMATION RETENTION & DISPOSAL PROCEDURES
BALANCED SCORECARD
BUSINESS PROCESS REENGINEERING
INTERNAL PREVENTIVE CONTROLS VERSUS COMPENSATING CONTROLS
SOFTWARE DEVELOPMENT APPROACHES: THE PROS & CONS
EMERGING PROCESSOR TECHNOLOGIES
EMERGING WIRELESS SECURITY STANDARDS
IM SECURITY
VOIP
HR AND SECURITY

 

Now comes with Practice Questions to drill you in key security technology and policy concepts!!!

The Technical Drill Practice Test Module is designed for reinforcing learning objectives and validating knowledge so you know you're prepared to answer even the toughest technical questions on the CISM certification exam. You will find this module to be a challenging and effective tool that will help you learn how to recognize IS security threats and recommend proper security solutions.

This product is part of the Security MegaPack ONE.

EXPERT Pack MegaPack ONE MegaPack TWO CISSP Specializations CISA CISM

You may also purchase the CISM study pack as an individual product for $29.

ORDER NOW.

 

All orders come with LIFE TIME FREE UPDATES. Unless otherwise stated, delivery for all e-book orders is through instant download after payment confirmation. There is no S/H charges for e-book delivery. Sales tax may apply depending on your location.

Copyright 2008 ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are the property of their respective owners.

Exam Index Quick Support  Subscribe  Terms of Use  Contact Us

Support Order Updates