1st Edition

Complete Guide to CISM Certification

By Thomas R. Peltier, Justin Peltier
    Copyright 2007
    474 Pages, 99 B/W Illustrations
    Published by Auerbach Publications

    The Certified Information Security Manager®(CISM®) certification program was developed by the Information Systems Audit and Controls Association (ISACA®). It has been designed specifically for experienced information security managers and those who have information security management responsibilities. The Complete Guide to CISM® Certification examines five functional areas—security governance, risk management, information security program management, information security management, and response management.

    Presenting definitions of roles and responsibilities throughout the organization, this practical guide identifies information security risks. It deals with the processes and technical solutions that implement the information security governance framework, focuses on the tasks the information security manager must perform to manage information security effectively within an organization, and describes various techniques the information security manager can use. The book also covers steps and solutions for responding to an incident. At the end of each key area, a quiz is offered on the material just presented. Also included is a workbook for a thirty-question final exam.

    Complete Guide to CISM® Certification describes the tasks performed by information security managers and contains the necessary knowledge to manage, design, and oversee an information security program. With definitions and practical examples, this text is ideal for information security managers, IT auditors, and network and system administrators.

    Information Security Governance
    Functional Area Overview
    Developing an Information Security Strategy in Support of Business Strategy and Direction
    Senior Management Commitment and Support
    Definitions of Roles and Responsibilities
    Obtaining Senior Management Commitment
    Establish Reporting Communications That Support Information Security Governance Activities
    Legal and Regulatory Issues
    Establish and Maintain Information Security Policies
    Ensure the Development of Procedures and Guidelines
    Develop Business Case and Enterprise Value Analysis Support
    Information Security Risk Management
    Functional Area Overview
    Develop a Systematic and Continuous Risk Management Process
    Ensure Risk Identification, Analysis, and Mitigation Activities Are Integrated Into the Life Cycle Process
    Apply Risk Identification and Analysis Methods
    Define Strategies and Prioritize Options to Mitigate Risks to Levels Acceptable to the Enterprise
    Report Significant Changes in Risk
    Knowledge Statements
    Information Security Program Management
    Functional Area Overview
    CISM® Mapping
    The OSI Model
    The TCP/IP Model
    IP Addressing
    Transmission Control Protocol (TCP)
    User Datagram Protocol (UDP)
    Internet Control Message Protocol (ICMP)
    CIA Triad
    Buffer Overflows versus Application Security
    Virtual Private Networks (VPNs)
    Web Server Security versus Internet Security
    Security Testing
    Information Security Management
    Functional Area Overview
    Ensure the Administrative Procedures for Information Systems Comply with the Enterprise’s Information Security Policy
    Ensure Services Outsourced Are Consistent
    Measure, Monitor, and Report on the Effectiveness and Efficiency of the Controls and Compliance with Information Security Policies
    Ensure That Information Security Is Not Compromised Throughout the Change Management Process
    Perform Vulnerability Assessments to Evaluate Effectiveness of Existing Controls
    Ensure That Noncompliance Issues and Other Variances Are Resolved in a Timely Manner
    Information Security Awareness and Education
    Response Management
    Functional Area Overview
    CISM Mapping
    Threat Source Information
    Business Continuity Planning and Disaster Recovery Planning
    Incident Response


    Thomas R. Peltier, Justin Peltier

    “Developed by Information Systems Audit and Controls Association, The Certified Information Security Manager certification program is aimed towards information security managers with five or more years of prior experience in enterprise information security management. … have structured their book along the same lines as the certification class, presenting advanced information on information security governance, information security risk management, information security program management, information security management, and response management. …”
    — In Book News Inc., June 2007