You're reading from Certified Information Security Manager Exam Prep Guide - Second Edition

Product type: Book
Published in: Dec 2022
Publisher: Packt
ISBN-13: 9781804610633
Edition: 2nd Edition
Author: Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.

Preface

Apart from being well-versed in fundamentals and advanced information security concepts, a candidate must be quick and accurate in solving questions to ace ISACA's Certified Information Security Manager (CISM) certification. This book covers all four domains of the CISM Review Manual and provides complete coverage of the exam content through comprehensive explanations of core concepts.

With this book, you will unlock access to a powerful exam-prep platform that includes interactive practice questions, exam tips, and flashcards. The platform perfectly complements the book and even lets you clarify your doubts directly with the author.

This blended learning approach of shoring up key concepts through the book and applying them to answer practice questions online is designed to help build your confidence in acing the CISM certification.

By the end of this book, you will have everything you need to succeed in your information security career and pass the CISM certification exam with this handy, on-the-job desktop reference guide.

Online Exam-Prep Tools

With this book, you will unlock unlimited access to our online exam-prep platform (Figure 0.1). This is your place to practice everything you have learned in the book.

Figure 0.1: Online exam-prep platform

Sharpen your understanding of concepts with multiple sets of practice questions and interactive flashcards, accessible from all modern web browsers. If you get stuck, you can raise your concerns with the author directly through the website. Before doing that, make sure to go through the list of resolved doubts as well. These are based on questions asked by other users. Finally, go through the exam tips on the website to make sure you are well prepared.

Who This Book Is For

This book is ideal for IT risk professionals, IT auditors, CISOs, information security managers, and risk management professionals.

What This Book Covers

This book is aligned with the CISM Review Manual (16th Edition; 2022) and encompasses the following topics:

Chapter 1: Enterprise Governance provides an overview of information security governance as a whole. It covers aspects such as the importance of information security governance, the role of organizational culture in information security, and security governance metrics.

Chapter 2: Information Security Strategy discusses information security strategy and highlights areas such as security strategy development, senior management's role in an organization's security strategy, and the security architecture.

Chapter 3: Information Risk Assessment covers the basic aspects of risk management and deals with the basic definition of risk and its components, risk identification, analysis and evaluation, and the security baseline.

Chapter 4: Information Risk Response covers the tools and techniques used for risk response: namely, risk avoidance, risk mitigation, risk transfer, and risk acceptance. The chapter also details change management and risk management integration with the project life cycle.

Chapter 5: Information Security Program Development explores the different procedures and techniques for developing an information security program and also deals with the information security program roadmap.

Chapter 6: Information Security Program Management discusses the basics of information security program management and covers information security program objectives, the security baseline, and security awareness and training.

Chapter 7: Information Security Infrastructure and Architecture defines information security architecture and explores how to implement it effectively.

Chapter 8: Information Security Monitoring Tools and Techniques emphasizes the importance of monitoring tools and techniques and introduces some of the most commonly used and most useful ones, such as intrusion detection systems, intrusion prevention systems, and firewalls.

Chapter 9: Incident Management Readiness sets out what it means to be ready for information security incidents. It covers aspects such as incident classification, business impact analysis, and insurance.

Chapter 10: Incident Management Operations covers the implementation of business continuity and disaster recovery processes and also deals with post-incident review practices.

How to Get the Most Out of This Book

This book is directly aligned with the CISM Review Manual (16th Edition; 2022) from ISACA. It is advisable to stick to the following steps when preparing for the CISM exam:

Step 1: Read this book from end to end.

Step 2: Go through ISACA's QAE book or database.

Step 3: Refer to ISACA's CISM Review Manual.

Step 4: Memorize key concepts using the flashcards on the website.

Step 5: Attempt the online practice question sets. Make a note of the concepts you are weak in, revisit those in the book, and re-attempt the practice questions.

Step 6: Keep repeating the practice question sets till you are able to answer all the questions in each practice set correctly within the time limit.

Step 7: Review exam tips on the website.

Candidates who follow these steps in their CISM preparation will approach the exam with considerably more confidence.

Recorded Lectures

This book is also available in video lecture format along with 200+ exam-oriented practice questions on Udemy. Buyers of this book are entitled to 30% off on Hemang Doshi's recorded lectures. For a discount coupon, please write to training@hemangdoshiacademy.in.

Requirements for the Online Content

The online content includes interactive elements such as practice questions, flashcards, and exam tips. For the best experience, use the latest version of a modern desktop or mobile web browser such as Edge, Chrome, Safari, or Firefox.

Instructions for Unlocking the Online Content

To unlock the online content, you will need to create an account on our exam-prep website using the unique sign-up code provided in this book.

Where to find the sign-up code

You can find your unique sign-up code at the start of Chapter 5, Information Security Program Development.

  1. Enter your name and email address (1) in the sign-up form:

Figure 0.2: Enter your name and email address in the sign-up form

  2. Create a strong alphanumeric password (2) (minimum 6 characters in length):

Figure 0.3: Create a strong password in the sign-up form

  3. Enter the unique sign-up code (3). Once you have entered the code, click the Sign Up button.

    Note

    You only need to input the sign-up code once. After your account is created, you will be able to access the website from any device with only your email address and password.

Figure 0.4: Enter the unique sign-up code

  4. Upon a successful sign-up, you will be redirected to the dashboard (see Figure 0.5).

Figure 0.5: Online exam-prep platform dashboard

Going forward, you will simply need to log in using your email address and password.

Note

If you are facing issues signing up, reach out to customercare@packt.com.

Quick Access to the Website

If you have successfully signed up, it is recommended that you bookmark this link for quick access to the website: https://packt.link/cismexamguidewebsite. Click the Login link on the top-right corner of the page to open the login page. Use the credentials you created in Steps 2 and 3 of the Instructions for Unlocking the Online Content section above.

Alternatively, you can scan the following QR code to open the website:

Figure 0.6: QR Code for the CISM online exam-prep platform

CISM Syllabus – 2022

The CISM exam content was updated on June 1, 2022. There are minor changes in domain nomenclature and substantial changes in the weightage of each domain tested in the new exam. The following table presents the domains and their corresponding weightage:

Earlier Domains (Applicable up to May 31, 2022)                  | Updated Domains (Applicable from June 1, 2022)
-----------------------------------------------------------------|-----------------------------------------------------
Information Security Governance (24%)                            | Information Security Governance (17%)
Information Risk Management (30%)                                | Information Security Risk Management (20%)
Information Security Program Development and Management (27%)   | Information Security Program (33%)
Information Security Incident Management (19%)                   | Incident Management (30%)

Figure 0.7: Previous and updated domains for CISM

Candidates who have based their studies so far on the previous weightings should take careful note of the changes and adjust their preparation accordingly.

The CISM exam contains 150 questions and covers the four information security management areas listed in the preceding table (Figure 0.7).

The following are the key topics that candidates will be tested on starting from June 1, 2022:

Number | Key Domains and Topics
-------|--------------------------------------------------------------------------------------------
1      | Information Security Governance
  A    |   Enterprise Governance
  1A1  |     Organizational Culture
  1A2  |     Legal, Regulatory, and Contractual Requirements
  1A3  |     Organizational Structures, Roles, and Responsibilities
  B    |   Information Security Strategy
  1B1  |     Information Security Strategy Development
  1B2  |     Information Governance Frameworks and Standards
  1B3  |     Strategic Planning (e.g., budgets, resources, and business case)
2      | Information Security Risk Management
  A    |   Information Security Risk Assessment
  2A1  |     Emerging Risk and Threat Landscape
  2A2  |     Vulnerability and Control Deficiency Analysis
  2A3  |     Risk Assessment and Analysis
  B    |   Information Security Risk Response
  2B1  |     Risk Treatment/Risk Response Options
  2B2  |     Risk and Control Ownership
  2B3  |     Risk Monitoring and Reporting
3      | Information Security Program
  A    |   Information Security Program Development
  3A1  |     Information Security Program Resources (e.g., people, tools, and technologies)
  3A2  |     Information Asset Identification and Classification
  3A3  |     Industry Standards and Frameworks for Information Security
  3A4  |     Information Security Policies, Procedures, and Guidelines
  3A5  |     Information Security Program Metrics
  B    |   Information Security Program Management
  3B1  |     Information Security Control Design and Selection
  3B2  |     Information Security Control Implementation and Integrations
  3B3  |     Information Security Control Testing and Evaluation
  3B4  |     Information Security Awareness and Training
  3B5  |     Management of External Services (e.g., providers, suppliers, third parties, and fourth parties)
  3B6  |     Information Security Program Communications and Reporting
4      | Incident Management
  A    |   Incident Management Readiness
  4A1  |     Incident Response Plan
  4A2  |     Business Impact Analysis (BIA)
  4A3  |     Business Continuity Plan (BCP)
  4A4  |     Disaster Recovery Plan (DRP)
  4A5  |     Incident Classification/Categorization
  4A6  |     Incident Management Training, Testing, and Evaluation
  B    |   Incident Management Operations
  4B1  |     Incident Management Tools and Techniques
  4B2  |     Incident Investigation and Evaluation
  4B3  |     Incident Containment Methods
  4B4  |     Incident Response Communications (e.g., reporting, notification, and escalation)
  4B5  |     Incident Eradication and Recovery
  4B6  |     Post-Incident Review Practices

Figure 0.8: Key CISM topics

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere? Is your eBook purchase not compatible with the device of your choice?

Don't worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, and on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don't stop there; you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below:

https://packt.link/free-ebook/9781804610633

  2. Submit your proof of purchase.
  3. That's it! We'll send your free PDF and other benefits to your email directly.