CISM Certified Information Security Manager Study Guide
eBook - ePub


Mike Chapple

Book information

Sharpen your information security skills and grab an invaluable new credential with this unbeatable study guide

As cybersecurity becomes an increasingly mission-critical issue, more and more employers and professionals are turning to ISACA's trusted and recognized Certified Information Security Manager qualification as a tried-and-true indicator of information security management expertise.

In Wiley's Certified Information Security Manager (CISM) Study Guide, you'll get the information you need to succeed on the demanding CISM exam. You'll also develop the IT security skills and confidence you need to prove yourself where it really counts: on the job.

Chapters are organized intuitively and by exam objective so you can easily keep track of what you've covered and what you still need to study. You'll also get access to a pre-assessment, so you can find out where you stand before you take your studies further.

Sharpen your skills with Exam Essentials and chapter review questions with detailed explanations in all four of the CISM exam domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management.

In this essential resource, you'll also:

  • Grab a head start to an in-demand certification used across the information security industry
  • Expand your career opportunities to include rewarding and challenging new roles only accessible to those with a CISM credential
  • Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Perfect for anyone prepping for the challenging CISM exam or looking for a new role in the information security field, the Certified Information Security Manager (CISM) Study Guide is an indispensable resource that will put you on the fast track to success on the test and in your next job.


Information

Publisher
Sybex
Year
2022
ISBN
9781119801948
Edition
1
Category
Cryptography

Chapter 1
Today's Information Security Manager

THE CERTIFIED INFORMATION SECURITY MANAGER (CISM) DOMAINS AND SUBTOPICS COVERED IN THIS CHAPTER INCLUDE:
  • Domain 1: Information Security Governance
    • A. Enterprise Governance
      • 1A1. Organizational Culture
      • 1A3. Organizational Structures, Roles and Responsibilities
    • B. Information Security Strategy
      • 1B1. Information Security Strategy Development
THE CERTIFIED INFORMATION SECURITY MANAGER (CISM) SUPPORTING TASKS COVERED IN THIS CHAPTER INCLUDE:
  • 1. Identify internal and external influences to the organization that impact the information security strategy.
  • 2. Establish and/or maintain an information security strategy in alignment with organizational goals and objectives.
  • 7. Gain ongoing commitment from senior leadership and other stakeholders to support the successful implementation of the information security strategy.
  • 8. Define, communicate, and monitor information security responsibilities throughout the organization and lines of authority.
Information security managers are responsible for leading teams of cybersecurity professionals and helping them achieve the goals of the cybersecurity program while aligning those objectives with the needs of the business. This work is crucial to protecting their organizations in today's complex threat landscape. Managers must help their teams protect the confidentiality, integrity, and availability of information and information systems used by their organizations. Fulfilling this responsibility requires a strong understanding of the threat environment facing their organization and a commitment to designing and implementing a set of controls capable of rising to the occasion and answering those threats.
In the first section of this chapter, you will learn about the role that cybersecurity managers play in a modern organization. You will then learn the basic objectives of cybersecurity: confidentiality, integrity, and availability of your operations. In the sections that follow, you will learn about some of the controls that you can put in place to protect your most sensitive data from prying eyes. This chapter sets the stage for the remainder of the book, where you will dive more deeply into many different areas of cybersecurity management.

Information Security Objectives

When most people think of cybersecurity, they imagine hackers trying to break into an organization's system and steal sensitive information, ranging from Social Security numbers and credit cards to top-secret military information. Although protecting sensitive information from unauthorized disclosure is certainly one element of a cybersecurity program, it is important to understand that cybersecurity actually has three complementary objectives, as shown in Figure 1.1.
FIGURE 1.1 The three key objectives of cybersecurity programs are confidentiality, integrity, and availability.
Confidentiality ensures that unauthorized individuals are not able to gain access to sensitive information. Cybersecurity professionals develop and implement security controls, including firewalls, access control lists, and encryption, to prevent unauthorized access to information. Attackers may seek to undermine confidentiality controls to achieve one of their goals: the unauthorized disclosure of sensitive information.
Integrity ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally. Security professionals use integrity controls, such as hashing and integrity monitoring solutions, to enforce this requirement. Integrity threats may come from attackers actively seeking the alteration of information without authorization, or they may result from human error, mechanical failure, or environmental conditions, such as a power spike corrupting information.
Availability ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them. Security professionals use availability controls, such as fault tolerance, clustering, and backups, to ensure that legitimate users gain access as needed. Similar to integrity threats, availability threats may come from attackers actively seeking the disruption of access, or they may come from human error, mechanical failure, or environmental conditions, such as a fire destroying a data center that contains valuable information or services.
Cybersecurity analysts often refer to these three goals, known as the CIA Triad, when performing their work. They often characterize risks, attacks, and security controls as meeting one or more of the three CIA Triad goals when describing them.
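The text names hashing and integrity monitoring as the controls that enforce the integrity goal. The following is an added example, not code from the Study Guide or from ISACA: a minimal file-integrity check that records a trusted SHA-256 baseline for a set of files and later reports which files were modified, added, or removed. The file paths and contents are constructed in memory so the script runs offline; hash_file shows how the same digest would be computed over a real file on disk.

```python
"""Minimal file-integrity check: record a hash baseline, then detect changes.

Added example (not from the CISM Study Guide). It illustrates the
"hashing and integrity monitoring" control named in the text, using a
constructed in-memory set of files so it runs without touching disk.
"""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str, chunk_size: int = 65536) -> str:
    """Hash a real file on disk in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a trusted digest for every monitored file (path -> hex digest)."""
    return {path: sha256_hex(content) for path, content in files.items()}


def check_integrity(baseline: Dict[str, str],
                    current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare the current file set against the baseline.

    Returns the paths that were modified, added, or removed. Unchanged
    files are listed too so an operator can confirm monitoring coverage.
    """
    report: Dict[str, List[str]] = {
        "modified": [], "added": [], "removed": [], "unchanged": []
    }
    for path, expected in baseline.items():
        if path not in current:
            report["removed"].append(path)
        elif sha256_hex(current[path]) != expected:
            report["modified"].append(path)
        else:
            report["unchanged"].append(path)
    for path in current:
        if path not in baseline:
            report["added"].append(path)
    for key in report:
        report[key].sort()
    return report


# Constructed sample: the "golden" snapshot of three files taken at deploy time.
BASELINE_FILES = {
    "/etc/app/config.yml": b"debug: false\nlisten: 127.0.0.1:8443\n",
    "/etc/app/allowlist.txt": b"10.0.0.0/8\n",
    "/usr/local/bin/app": b"\x7fELF...constructed-binary-bytes...",
}

# Constructed later snapshot: the config was edited, the allowlist was
# deleted, and a file that was never in the baseline appeared.
LATER_FILES = {
    "/etc/app/config.yml": b"debug: true\nlisten: 0.0.0.0:8443\n",
    "/usr/local/bin/app": b"\x7fELF...constructed-binary-bytes...",
    "/etc/app/extra.conf": b"unreviewed: true\n",
}


def demo() -> Dict[str, List[str]]:
    """Build the baseline from the first snapshot and check the second against it."""
    baseline = build_baseline(BASELINE_FILES)
    return check_integrity(baseline, LATER_FILES)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The check is only as trustworthy as the baseline: store the digests somewhere the monitored system cannot rewrite them (a separate host, a signed manifest, or read-only media), otherwise whoever alters a file can alter its recorded hash as well. Hashing detects that a change occurred, not who made it or whether it was authorized, so an integrity alert still needs a change record to compare against.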

Role of the Information Security Manager

Information security managers are responsible for safeguarding the confidentiality, integrity, and availability of the information and systems used by their organization. But they must achieve these goals within the context of the organization's day-to-day activities and strategic objectives. The information security manager must wear the two hats shown in Figure 1.2: that of a cybersecurity subject matter expert and that of a business leader engaged with the organization's mission.
FIGURE 1.2 Information security managers must be both security experts and business leaders.
This “dual-hattedness” is perhaps the most significant characteristic that distinguishes an information security leader from an information security professional. Information security professionals can narrow much of their focus to cybersecurity matters. Leaders, on the other hand, must keep the organization's business focus in view at the same time and use their expertise to help guide the organization toward decisions that are both sound from a business perspective and reasonable from a risk management perspective.
Depending on the size of an organization, information security management and leadership may be a role shared by several (or many!) different people, a consolidated role held by a single person, or even a partial role filled by someone who also bears other responsibilities within the organization. There is no one-size-fits-all answer to sizing the information security function for an organization—the selection is highly dependent on the nature of the organization's security requirements, the complexity of their operating environment, and the team they have in place.

Chief Information Security Officer

The most senior information security leader within an organization often bears the title of chief information security officer (CISO). The CISO is a senior business executive who is responsible for overseeing all information security efforts within the organization. The CISO title is commonly accepted as the standard for an organization's information security leader, although some organizations may use different titles, including these:
  • Vice president...
