Details

<p>Introduction Assessment Test xxi<br /> <br /> <b>Chapter 1 Today’s Information Security Manager 1</b></p> <p>Information Security Objectives 2</p> <p>Role of the Information Security Manager 3</p> <p>Chief Information Security Officer 4</p> <p>Lines of Authority 4</p> <p>Organizing the Security Team 5</p> <p>Roles and Responsibilities 7</p> <p>Information Security Risks 8</p> <p>The DAD Triad 8</p> <p>Incident Impact 9</p> <p>Building an Information Security Strategy 12</p> <p>Threat Research 12</p> <p>SWOT Analysis 13</p> <p>Gap Analysis 13</p> <p>Creating SMART Goals 16</p> <p>Alignment with Business Strategy 16</p> <p>Leadership Support 17</p> <p>Internal and External Influences 17</p> <p>Cybersecurity Responsibilities 18</p> <p>Communication 19</p> <p>Action Plans 19</p> <p>Implementing Security Controls 20</p> <p>Security Control Categories 21</p> <p>Security Control Types 21</p> <p>Data Protection 23</p> <p>Summary 25</p> <p>Exam Essentials 25</p> <p>Review Questions 27</p> <p><b>Chapter 2 Information Security Governance and Compliance 31</b></p> <p>Governance 33</p> <p>Corporate Governance 33</p> <p>Governance, Risk, and Compliance Programs 35</p> <p>Information Security Governance 35</p> <p>Developing Business Cases 36</p> <p>Third- Party Relationships 37</p> <p>Understanding Policy Documents 38</p> <p>Policies 38</p> <p>Standards 40</p> <p>Procedures 42</p> <p>Guidelines 43</p> <p>Exceptions and Compensating Controls 44</p> <p>Developing Policies 45</p> <p>Complying with Laws and Regulations 46</p> <p>Adopting Standard Frameworks 47</p> <p>Cobit 47</p> <p>NIST Cybersecurity Framework 49</p> <p>NIST Risk Management Framework 52</p> <p>ISO Standards 53</p> <p>Benchmarks and Secure Configuration Guides 54</p> <p>Security Control Verification and Quality Control 56</p> <p>Summary 57</p> <p>Exam Essentials 57</p> <p>Review Questions 59</p> <p><b>Chapter 3 Information Risk Management 63</b></p> <p>Analyzing Risk 65</p> <p>Risk Identification 66</p> <p>Risk Calculation 67</p> <p>Risk Assessment 68</p> <p>Risk Treatment and Response 72</p> <p>Risk Mitigation 73</p> <p>Risk Avoidance 74</p> <p>Risk Transference 74</p> <p>Risk Acceptance 75</p> <p>Risk Analysis 75</p> <p>Disaster Recovery Planning 78</p> <p>Disaster Types 78</p> <p>Business Impact Analysis 79</p> <p>Privacy 79</p> <p>Sensitive Information Inventory 80</p> <p>Information Classification 80</p> <p>Data Roles and Responsibilities 82</p> <p>Information Lifecycle 83</p> <p>Privacy- Enhancing Technologies 83</p> <p>Privacy and Data Breach Notification 84</p> <p>Summary 84</p> <p>Exam Essentials 85</p> <p>Review Questions 86</p> <p><b>Chapter 4 Cybersecurity Threats 91</b></p> <p><b>Chapter 5 Exploring Cybersecurity Threats 92</b></p> <p>Classifying Cybersecurity Threats 92</p> <p>Threat Actors 94</p> <p>Threat Vectors 99</p> <p>Threat Data and Intelligence 101</p> <p>Open Source Intelligence 101</p> <p>Proprietary and Closed Source Intelligence 104</p> <p>Assessing Threat Intelligence 105</p> <p>Threat Indicator Management and Exchange 107</p> <p>Public and Private Information Sharing Centers 108</p> <p>Conducting Your Own Research 108</p> <p>Summary 109</p> <p>Exam Essentials 109</p> <p>Review Questions 111</p> <p>Information Security Program Development and Management 115</p> <p>Information Security Programs 117</p> <p>Establishing a New Program 117</p> <p>Maintaining an Existing Program 121</p> <p>Security Awareness and Training 123</p> <p>User Training 123</p> <p>Role- Based Training 124</p> <p>Ongoing Awareness Efforts 124</p> <p>Managing the Information Security Team 125</p> <p>Hiring Team Members 126</p> <p>Developing the Security Team 126</p> <p>Managing the Security Budget 127</p> <p>Organizational Budgeting 127</p> <p>Fiscal Years 127</p> <p>Expense Types 128</p> <p>Budget Monitoring 129</p> <p>Integrating Security with Other Business Functions 130</p> <p>Procurement 130</p> <p>Accounting 133</p> <p>Human Resources 133</p> <p>Information Technology 135</p> <p>Audit 138</p> <p>Summary 139</p> <p>Exam Essentials 139</p> <p>Review Questions 141</p> <p><b>Chapter 6 Security Assessment and Testing 145</b></p> <p>Vulnerability Management 146</p> <p>Identifying Scan Targets 146</p> <p>Determining Scan Frequency 148</p> <p>Configuring Vulnerability Scans 149</p> <p>Scanner Maintenance 154</p> <p>Vulnerability Scanning Tools 155</p> <p>Reviewing and Interpreting Scan Reports 159</p> <p>Validating Scan Results 160</p> <p>Security Vulnerabilities 161</p> <p>Patch Management 162</p> <p>Legacy Platforms 163</p> <p>Weak Configurations 164</p> <p>Error Messages 164</p> <p>Insecure Protocols 165</p> <p>Weak Encryption 166</p> <p>Penetration Testing 167</p> <p>Adopting the Hacker Mindset 168</p> <p>Reasons for Penetration Testing 169</p> <p>Benefits of Penetration Testing 169</p> <p>Penetration Test Types 170</p> <p>Rules of Engagement 171</p> <p>Reconnaissance 173</p> <p>Running the Test 173</p> <p>Cleaning Up 174</p> <p>Training and Exercises 174</p> <p>Summary 175</p> <p>Exam Essentials 176</p> <p>Review Questions 177</p> <p><b>Chapter 7 Cybersecurity Technology 181</b></p> <p>Endpoint Security 182</p> <p>Malware Prevention 183</p> <p>Endpoint Detection and Response 183</p> <p>Data Loss Prevention 184</p> <p>Change and Configuration Management 185</p> <p>Patch Management 185</p> <p>System Hardening 185</p> <p>Network Security 186</p> <p>Network Segmentation 186</p> <p>Network Device Security 188</p> <p>Network Security Tools 191</p> <p>Cloud Computing Security 195</p> <p>Benefits of the Cloud 196</p> <p>Cloud Roles 198</p> <p>Cloud Service Models 198</p> <p>Cloud Deployment Models 202</p> <p>Shared Responsibility Model 204</p> <p>Cloud Standards and Guidelines 207</p> <p>Cloud Security Issues 208</p> <p>Cloud Security Controls 210</p> <p>Cryptography 212</p> <p>Goals of Cryptography 212</p> <p>Symmetric Key Algorithms 214</p> <p>Asymmetric Cryptography 215</p> <p>Hash Functions 217</p> <p>Digital Signatures 218</p> <p>Digital Certificates 219</p> <p>Certificate Generation and Destruction 220</p> <p>Code Security 223</p> <p>Software Development Life Cycle 223</p> <p>Software Development Phases 224</p> <p>Software Development Models 226</p> <p>DevSecOps and DevOps 229</p> <p>Code Review 230</p> <p>Software Security Testing 232</p> <p>Identity and Access Management 234</p> <p>Identification, Authentication, and Authorization 234</p> <p>Authentication Techniques 235</p> <p>Authentication Errors 237</p> <p>Single- Sign On and Federation 238</p> <p>Provisioning and Deprovisioning 238</p> <p>Account Monitoring 239</p> <p>Summary 240</p> <p>Exam Essentials 241</p> <p>Review Questions 244</p> <p><b>Chapter 8 Incident Response 249</b></p> <p>Security Incidents 251</p> <p>Phases of Incident Response 252</p> <p>Preparation 253</p> <p>Detection and Analysis 254</p> <p>Containment, Eradication, and Recovery 255</p> <p>Post- Incident Activity 267</p> <p>Building the Incident Response Plan 269</p> <p>Policy 269</p> <p>Procedures and Playbooks 270</p> <p>Documenting the Incident Response Plan 270</p> <p>Creating an Incident Response Team 272</p> <p>Incident Response Providers 273</p> <p>CSIRT Scope of Control 273</p> <p>Coordination and Information Sharing 273</p> <p>Internal Communications 274</p> <p>External Communications 274</p> <p>Classifying Incidents 274</p> <p>Threat Classification 275</p> <p>Severity Classification 276</p> <p>Conducting Investigations 279</p> <p>Investigation Types 279</p> <p>Evidence 282</p> <p>Plan Training, Testing, and Evaluation 288</p> <p>Summary 289</p> <p>Exam Essentials 290</p> <p>Review Questions 292</p> <p><b>Chapter 9 Business Continuity and Disaster Recovery 297</b></p> <p>Planning for Business Continuity 298</p> <p>Project Scope and Planning 299</p> <p>Organizational Review 300</p> <p>BCP Team Selection 301</p> <p>Resource Requirements 302</p> <p>Legal and Regulatory Requirements 303</p> <p>Business Impact Analysis 304</p> <p>Identifying Priorities 305</p> <p>Risk Identification 306</p> <p>Likelihood Assessment 308</p> <p>Impact Analysis 309</p> <p>Resource Prioritization 310</p> <p>Continuity Planning 310</p> <p>Strategy Development 311</p> <p>Provisions and Processes 311</p> <p>Plan Approval and Implementation 313</p> <p>Plan Approval 313</p> <p>Plan Implementation 314</p> <p>Training and Education 314</p> <p>BCP Documentation 314</p> <p>The Nature of Disaster 318</p> <p>Natural Disasters 319</p> <p>Human- Made Disasters 324</p> <p>System Resilience, High Availability, and Fault Tolerance 327</p> <p>Protecting Hard Drives 328</p> <p>Protecting Servers 329</p> <p>Protecting Power Sources 331</p> <p>Recovery Strategy 331</p> <p>Business Unit and Functional Priorities 332</p> <p>Crisis Management 333</p> <p>Emergency Communications 334</p> <p>Workgroup Recovery 334</p> <p>Alternate Processing Sites 334</p> <p>Database Recovery 338</p> <p>Recovery Plan Development 340</p> <p>Emergency Response 341</p> <p>Personnel and Communications 341</p> <p>Assessment 342</p> <p>Backups and Offsite Storage 342</p> <p>Utilities 345</p> <p>Logistics and Supplies 345</p> <p>Training, Awareness, and Documentation 345</p> <p>Testing and Maintenance 346</p> <p>Read- Through Test 346</p> <p>Structured Walk- Through 346</p> <p>Simulation Test 347</p> <p>Parallel Test 347</p> <p>Full- Interruption Test 347</p> <p>Lessons Learned 347</p> <p>Maintenance 348</p> <p>Summary 349</p> <p>Exam Essentials 349</p> <p>Review Questions 351</p> <p>Appendix Answers to the Review Questions 357</p> <p>Chapter 1: Today’s Information Security Manager 358</p> <p>Chapter 2: Information Security Governance and Compliance 360</p> <p>Chapter 3: Information Risk Management 362</p> <p>Chapter 4: Cybersecurity Threats 363</p> <p>Chapter 5: Information Security Program Development and Management 365</p> <p>Chapter 6: Security Assessment and Testing 368</p> <p>Chapter 7: Cybersecurity Technology 370</p> <p>Chapter 8: Incident Response 372</p> <p>Chapter 9: Business Continuity and Disaster Recovery 374<br /> <br /> Index 377</p>

<p><b> ABOUT THE AUTHOR</b></p> <p><b>MIKE CHAPPLE, PhD, CISM,</b> is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com

<p><b>Your personal roadmap to preparing for the Certified Information Security Manager (CISM) exam </b> </p> <p>The <i>Certified Information Security Manager (CISM) Study Guide</i> is your one-stop resource for complete coverage of the challenging CISM exam from ISACA. This Sybex Study Guide covers 100% of the 2022 version of the CISM domain competencies. You’ll prepare for the exam with efficient and accurate content that’s intuitively organized by exam objective so you can easily keep track of what you’ve covered. <p>The CISM certification is a top-tier cybersecurity management certification that signals employers that a current or aspiring cybersecurity leader is ready to take on cross-functional team management responsibilities. CISM-certified managers are well-versed in information security governance, information risk management, information security program development and management, and information security incident management. By earning this credential, cybersecurity professionals demonstrate that they’re ready to move beyond individual technical responsibilities. CISM holders demonstrate quantifiable job performance improvements and salary increases. With what you learn and prepare for using the <i>Certified Information Security Manager (CISM) Study Guide</i> you’ll be ready to move on to security management and leadership roles, all the way up to Chief Information Security Officer (CISO)! <p>The included Practice tests, exercises, and real-world examples will help you reinforce and retain what you’ve learned. The Sybex online learning environment and test bank, accessible across multiple devices, further expand your study toolkit. Get prepared for the CISM exam with Sybex. <p><b>Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for: </b> <ul><li>Information Security Governance </li> <li>Information Security Risk Management </li> <li>Information Security Program </li> <li>Incident Management</li></ul> <p><b>Interactive learning environment </b> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit <b>www.wiley.com/go/sybextestprep, </b> register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: <ul><li><b>Interactive test bank </b> with 2 practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.</li> <li><b>100 electronic flashcards</b> to reinforce learning and last-minute prep before the exam</li> <li><b>Comprehensive glossary</b> in PDF format gives you instant access to the key terms so you are fully prepared</li> <li><b>Audio review</b> of Exam Essentials for each chapter</li></ul> <p><b> ABOUT THE ISACA CERTIFICATION PROGRAM </b> <p> The ISACA certification program serves nearly 150,000 professionals in over 180 countries. Two of their flagship certifications – CISA and CISM – are highly coveted credentials sought by IT professionals seeking to demonstrate their mastery of information security governance, risk management, and related topics.

US