
CISM

CISM Study Guide and 175 Practice Questions


Contents updated on 19 June, 2009.

According to ISACA, the Certified Information Security Manager certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. It is especially for the individual who manages, designs, oversees and/or assesses an enterprise’s information security.

The CISM focuses more on IS security risk management and tends to be sought after by both the CISA and the CISSP certification communities. ISACA deliberately created the CISM to foster a better fusion of the IT audit and information security perspectives. To earn the Certified Information Security Manager (CISM) designation, you need to pass a multiple-choice exam covering the following content areas:

1. Information Security Governance
2. Information Risk Management
3. Information Security Program Development
4. Information Security Program Management
5. Incident Management and Response

Success factors in the CISM exam = 40% TECHNOLOGY + 60% BUSINESS PRACTICE. This is not the percentage of questions on the exam; it is the success factor. The technology questions are easy to answer because they are mostly based on factual information. The business practice questions are different: different answers work best in different scenarios under different conditions.

 

Table of contents

EXAM FORMAT
ABOUT THIS BOOK
EXAM TOPICS
EXAM REGISTRATION CONTACTS
STUDY PSYCHOLOGY & EXAM TACTICS

KEY EXAM STRATEGIES
STRATEGY ONE: KEYWORD OR KEY PHRASE MATCHING.
STRATEGY TWO: CHOICES GROUPING.
STRATEGY THREE: THINK TRICKY.

SECURITY THEORIES
THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURITY MEASURES
STANDARDS AND GUIDELINES
THE SARBANES–OXLEY ACT AND THE COSO FRAMEWORK

INFORMATION SECURITY MANAGEMENT AND GOVERNANCE
IS MANAGEMENT ACTIVITIES
INFORMATION MANAGEMENT POLICY
ORGANIZATIONAL STRUCTURE AND SUPPORT
THE ROLE OF THE INFORMATION SECURITY MANAGER
IS CONTROL CLASSIFICATION
DEVISING YOUR OWN CLASSIFICATION SCHEME
ACCESS CONTROL MODELS
ACLS VERSUS CAPABILITIES
WHAT IS THE ORANGE BOOK, BY THE WAY?
TYPES OF ACCESS CONTROL
THE AAA CONCEPT
PRACTICAL ACCESS CONTROL MEASURES
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
IS GOVERNANCE GUIDANCE
BASIC OUTCOMES OF IS GOVERNANCE

IT STRATEGIC PLANNING
IT STRATEGIC PLANNING DEFINED

PROTECTION OF INFORMATION ASSETS THROUGH SECURITY POLICY
INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
HANDLING CLASSIFIED MATERIAL
SECURITY POLICY
SECURITY MODELS AND MODES OF OPERATIONS
EXAMPLE POLICY
EFFECTIVE SECURITY MANAGEMENT PRACTICES AND HR
OWNERSHIP & RESPONSIBILITY
CONSEQUENCES OF VIOLATIONS
EVALUATION
SECURITY AWARENESS TRAINING
CHANGE CONTROL

RISK MANAGEMENT, BCP, BIA AND RESPONSE MANAGEMENT
RISK MANAGEMENT DEFINED
THE RISK MANAGEMENT STEPS
RISK MANAGEMENT AND THE IS MANAGER
BCP DEFINED
BCP VS BPCP VS DRP
BCP PHASES
STAKEHOLDERS AND CRISIS COMMUNICATIONS
THE RISK ASSESSMENT FLOW
RISK VS THREAT AND VULNERABILITY
IDENTIFYING RISKS
LOSS CALCULATIONS
BUSINESS IMPACT ANALYSIS DEFINED
BIA GOALS AND STEPS
BIA CHECKLIST
PREPARING FOR EMERGENCY RESPONSE
RESPONDING TO INCIDENTS AND MANAGING RECOVERY
TESTING THE PLAN
USER ACCEPTANCE
PLAN MAINTENANCE
INCIDENT HANDLING

IS PROGRAM MANAGEMENT, PROJECT MANAGEMENT AND CHANGE MANAGEMENT
INFORMATION SECURITY PLAN
INFORMATION SECURITY BASELINES
PROJECT MANAGEMENT DEFINED
CHANGE MANAGEMENT DEFINED
CHANGE MANAGEMENT STRATEGIES
CHANGE MANAGEMENT VS CHANGE CONTROL
CONFIGURATION MANAGEMENT
GENERAL GUIDELINES
SYSTEM CHANGE CONTROL
SOFTWARE DEVELOPMENT PROCESSES AND MODELS

SPECIAL TOPIC COVERAGE
Information Security Program Development and Management, with coverage on:

  • EISP
  • ISSP
  • SysSP
  • Combination SysSP
  • ISPME

IT Operations Management
Information Security Program and Policy Development
Policy and Program Management
Vulnerability & Patch Management
Data Storage Strategy
Environmental Controls
Imaging Technologies
ERP Security
Incident Response, with coverage on the different kinds of IRT.
Concealing hard disk data.

Baseline policy and guidelines
Planning and scoping of the assessment of risk
Methodologies for proper assessment of risk
Special notes on penetration testing
Internet Security
Firewall security
Virus security
Web server security
Name resolution security
Mail server security
RAS server security
Proxy server security
Authentication server security

Physical Site Management
Equipment and Media Management
Emergency Response
ERT Formation
ER Planning and Preparation
Coverage, goal and scope
Emergency priorities
Emergency Reporting Procedure
Emergency Escalation Procedure
Incident Monitoring

Forensic Processing
Software Testing
 

TECHNICAL READINGS

  • SECTION 1: TOPICS ON SECURITY THEORY
  • SECTION 2: TOPICS ON HACKING, ATTACKING, DEFENDING AND AUDITING
  • SECTION 3: TOPICS ON ENCRYPTION AND VPN
  • SECTION 4: TOPICS ON RESPONDING TO ATTACKS
  • SECTION 5: TOPICS ON VIRUSES

EXCELLENT PUBLIC RESOURCES

120 Technical Drill Practice Questions

55 Program and Policy Drill Questions

Basic Networking Technotes

Appendix updated 8 Dec 08 covering:

CMM AND CMMI
ESCROWED ENCRYPTION STANDARD (EES)
OBJECT ORIENTED DESIGN
COMPUTER FORENSICS
INCIDENT RESPONSE (IR)
HIPAA
PLATFORM FOR PRIVACY PREFERENCES PROJECT (P3P)
OECD GUIDELINES
CEI’S COMMANDMENTS OF ETHICS
THE INFOSEC ASSESSMENT METHODOLOGY (IAM)
COVERT CHANNEL ANALYSIS
COMMON CRITERIA (CC)
PHYSICAL AND ENVIRONMENTAL SECURITY
INFORMATION RETENTION & DISPOSAL PROCEDURES
BALANCED SCORECARD
BUSINESS PROCESS REENGINEERING
INTERNAL PREVENTIVE CONTROLS VERSUS COMPENSATING CONTROLS
SOFTWARE DEVELOPMENT APPROACHES: THE PROS & CONS
EMERGING PROCESSOR TECHNOLOGIES
EMERGING WIRELESS SECURITY STANDARDS
IM SECURITY
VOIP
HR AND SECURITY

 

Now comes with Practice Questions to drill you in key security technology and policy concepts!

The Technical Drill Practice Test Module is designed for reinforcing learning objectives and validating knowledge so you know you're prepared to answer even the toughest technical questions on the CISM certification exam. You will find this module to be a challenging and effective tool that will help you learn how to recognize IS security threats and recommend proper security solutions.

ExamREVIEW is an independent content developer not associated or affiliated with the certification vendor(s) mentioned on this web page and throughout this web site. Third-party trademarks mentioned are the property of their respective owners. ExamREVIEW(TM) and ExamFOCUS(TM) are our own trademarks for publishing and marketing self-developed exam-prep books worldwide. The EXAMREVIEW.NET web site has been on the Internet since January 2001. The EXAMFOCUS.NET division has had its web presence since 2009. We at ExamREVIEW develop study material entirely on our own. Our material is fully copyrighted. Braindumps are strictly prohibited. We provide essential knowledge content, NOT any generalized "study system" kind of "pick-the-right-answer-every-time" techniques or "visit this link" referrals. We keep prices low by eliminating all non-essential study features.
 

You may choose products based on their purpose and/or nature:

  • Ready-to-go: the product will get you sufficiently prepared for the exam, assuming you have a reasonable background in the corresponding field.
  • Filling-the-gaps: the product is written to secure exam clearance by filling the exam-specific gaps found in the mainstream study material.
  • Essential Reference: the product provides coverage of selected essential topic(s) within a body of knowledge (BOK) of massive scale.
  • Focused revision: highly focused study notes covering key exam topics.

Our printed books are distributed primarily through CreateSpace (Amazon). Page size is 8" x 10", grayscale printing, with font sizes ranging from 10 to 14 (Garamond).

Our electronic study products are in PDF format. Full color printing, with font sizes ranging from 10 to 14 (Garamond).
Shipment is through the United States Postal Service.

Copyright 2012/13. ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are the property of their respective owners.
