
CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition [Paperback]

  • Format: Paperback / softback, 656 pages, weight: 1116 g, 50 illustrations
  • Publication date: 15-Nov-2022
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1264268319
  • ISBN-13: 9781264268313
  • Price: 61.21 €
  • Delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher needs to print a new run, delivery may be delayed.
  • Delivery time: 4-6 weeks

Provides 100% coverage of every objective on the 2022 CISM exam

This integrated self-study guide enables you to take the 2022 version of the challenging CISM exam with complete confidence. Written by an expert in the field, the book offers exam-focused coverage of information security governance, information risk management, information security program development and management, and information security incident management.

CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition features learning objectives, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. Special design elements throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference.

  • Features complete coverage of all 2022 CISM exam domains
  • Online content includes 300 practice questions in the customizable TotalTester™ exam engine
  • Written by a cybersecurity expert, author, and lecturer

Acknowledgments  xix
Introduction  xxi
Part I Information Security Governance
  Chapter 1 Enterprise Governance  3
    Introduction to Information Security Governance  4
    Reason for Security Governance  6
    Security Governance Activities and Results  7
    Business Alignment  8
    Organizational Culture  9
    Acceptable Use Policy  10
    Ethics  10
    Legal, Regulatory, and Contractual Requirements  11
    Organizational Structure, Roles, and Responsibilities  12
    Organizational Roles  13
    Board of Directors  16
    Executive Management  18
    Security Steering Committee  19
    Business Process and Business Asset Owners  20
    Custodial Responsibilities  21
    Chief Information Security Officer  21
    Chief Privacy Officer  23
    Chief Compliance Officer  23
    Software Development  23
    Data Management  24
    Network Management  24
    Systems Management  25
    IT Operations  25
    Governance, Risk, and Compliance  26
    Business Resilience  27
    Security Operations  27
    Security Audit  28
    Service Desk  28
    Quality Assurance  28
    Other Roles  28
    General Staff  29
    Monitoring Responsibilities  29
    Chapter Review  30
    Notes  31
    Questions  32
    Answers  34
  Chapter 2 Information Security Strategy  37
    Information Security Strategy Development  38
    Strategy Objectives  38
    Strategy Participants  39
    Strategy Resources  40
    Strategy Development  55
    Strategy Constraints  68
    Information Governance Frameworks and Standards  72
    Business Model for Information Security  73
    The Zachman Framework  81
    The Open Group Architecture Framework  83
    ISO/IEC 27001  83
    NIST Cybersecurity Framework  85
    NIST Risk Management Framework  87
    Strategic Planning  88
    Roadmap Development  89
    Developing a Business Case  89
    Chapter Review  91
    Notes  93
    Questions  94
    Answers  97
Part II Information Security Risk Management
  Chapter 3 Information Security Risk Assessment  101
    Emerging Risk and Threat Landscape  102
    The Importance of Risk Management  102
    Outcomes of Risk Management  103
    Risk Objectives  103
    Risk Management Technologies  104
    Implementing a Risk Management Program  105
    The Risk Management Life Cycle  115
    Vulnerability and Control Deficiency Analysis  127
    Risk Assessment and Analysis  129
    Threat Identification  129
    Risk Identification  136
    Risk Likelihood and Impact  137
    Risk Analysis Techniques and Considerations  139
    Risk Management and Business Continuity Planning  145
    The Risk Register  146
    Integration of Risk Management into Other Processes  150
    Chapter Review  157
    Notes  159
    Questions  160
    Answers  162
  Chapter 4 Information Security Risk Response  165
    Risk Treatment / Risk Response Options  166
    Risk Mitigation  167
    Risk Transfer  168
    Risk Avoidance  169
    Risk Acceptance  170
    Evaluating Risk Response Options  171
    Costs and Benefits  172
    Residual Risk  173
    Iterative Risk Treatment  173
    Risk Appetite, Capacity, and Tolerance  174
    Legal and Regulatory Considerations  175
    The Risk Register  177
    Risk and Control Ownership  178
    Risk Ownership  178
    Control Ownership  179
    Risk Monitoring and Reporting  180
    Key Risk Indicators  180
    Training and Awareness  181
    Risk Documentation  182
    Chapter Review  182
    Notes  183
    Questions  184
    Answers  186
Part III Information Security Program
  Chapter 5 Information Security Program Development  191
    Information Security Program Resources  192
    Trends  192
    Outcomes  193
    Charter  194
    Scope  195
    Information Security Processes  195
    Information Security Technologies  196
    Information Asset Identification and Classification  199
    Asset Identification and Valuation  199
    Asset Classification  202
    Asset Valuation  209
    Industry Standards and Frameworks for Information Security  210
    Control Frameworks  210
    Information Security Management Frameworks  218
    Information Security Architecture  218
    Information Security Policies, Procedures, and Guidelines  220
    Policy Development  220
    Standards  223
    Guidelines  223
    Requirements  223
    Processes and Procedures  224
    Information Security Program Metrics  225
    Types of Metrics  227
    Audiences  231
    The Security Balanced Scorecard  232
    Chapter Review  233
    Notes  236
    Questions  237
    Answers  239
  Chapter 6 Information Security Program Management  241
    Information Security Control Design and Selection  242
    Control Classification  242
    Control Objectives  245
    General Computing Controls  246
    Controls: Build Versus Buy  247
    Control Frameworks  248
    Information Security Control Implementation and Integrations  272
    Controls Development  272
    Control Implementation  275
    Security and Control Operations  275
    Information Security Control Testing and Evaluation  321
    Control Monitoring  322
    Control Reviews and Audits  322
    Information Security Awareness and Training  339
    Security Awareness Training Objectives  339
    Creating or Selecting Content for Security Awareness Training  340
    Security Awareness Training Audiences  340
    Awareness Training Communications  343
    Management of External Services  344
    Benefits of Outsourcing  345
    Risks of Outsourcing  345
    Identifying Third Parties  348
    Cloud Service Providers  350
    TPRM Life Cycle  351
    Risk Tiering and Vendor Classification  354
    Assessing Third Parties  356
    Proactive Issue Remediation  360
    Responsive Issue Remediation  362
    Security Incidents  362
    Information Security Program Communications and Reporting  363
    Security Operations  363
    Risk Management  363
    Internal Partnerships  364
    External Partnerships  370
    Compliance Management  373
    Security Awareness Training  375
    Technical Architecture  376
    Personnel Management  376
    Project and Program Management  382
    Budget  382
    IT Service Management  383
    Service Desk  384
    Incident Management  384
    Problem Management  385
    Change Management  386
    Configuration Management  388
    Release Management  389
    Service-Level Management  391
    Financial Management  391
    Capacity Management  392
    Service Continuity Management  393
    Availability Management  393
    Asset Management  394
    Continuous Improvement  394
    Chapter Review  394
    Notes  396
    Questions  397
    Answers  400
Part IV Incident Management
  Chapter 7 Incident Management Readiness  405
    Incident Response Plan  406
    Security Incident Response Overview  408
    Incident Response Plan Development  411
    Business Impact Analysis  417
    Inventory of Key Processes and Systems  417
    Statements of Impact  419
    Criticality Analysis  420
    Determine Maximum Tolerable Downtime  422
    Determine Maximum Tolerable Outage  422
    Establish Key Recovery Targets  423
    Business Continuity Plan (BCP)  426
    Business Continuity Planning  427
    Disaster Recovery Plan (DRP)  455
    Disaster Response Teams' Roles and Responsibilities  456
    Recovery Objectives  457
    Incident Classification/Categorization  473
    Incident Management Training, Testing, and Evaluation  475
    Security Incident Response Training  475
    Business Continuity and Disaster Response Training  476
    Testing Security Incident Response Plans  477
    Testing Business Continuity and Disaster Recovery Plans  478
    Evaluating Business Continuity Planning  484
    Evaluating Disaster Recovery Planning  488
    Evaluating Security Incident Response  492
    Chapter Review  493
    Notes  494
    Questions  494
    Answers  497
  Chapter 8 Incident Management Operations  499
    Incident Management Tools and Techniques  502
    Incident Response Roles and Responsibilities  502
    Incident Response Tools and Techniques  503
    Incident Investigation and Evaluation  507
    Incident Detection  507
    Incident Initiation  509
    Incident Analysis  509
    Incident Containment Methods  513
    Incident Response Communications  515
    Crisis Management and Communications  515
    Communications in the Incident Response Plan  516
    Incident Response Metrics and Reporting  517
    Incident Eradication and Recovery  519
    Incident Eradication  520
    Incident Recovery  520
    Incident Remediation  521
    Post-incident Review Practices  522
    Closure  522
    Post-incident Review  522
    Chapter Review  523
    Notes  524
    Questions  524
    Answers  527
Part V Appendix and Glossary
  Appendix About the Online Content  531
    System Requirements  531
    Your Total Seminars Training Hub Account  531
    Privacy Notice  531
    Single User License Terms and Conditions  531
    TotalTester Online  533
    Technical Support  533
Glossary  535
Index  577
Peter H. Gregory, CRISC, CISM®, CISA®, CDPSE, CIPM®, CISSP®, DRCE, CCSK, is a 30-year career technologist and a security leader in a regional telecommunications company. He is the author of over 40 books on information security and technology, including CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition.