CISM Certified Information Security Manager Study Guide

SHARPEN YOUR INFORMATION SECURITY SKILLS AND GRAB AN INVALUABLE NEW CREDENTIAL WITH THIS UNBEATABLE STUDY GUIDE

As cybersecurity becomes an increasingly mission-critical issue, more and more employers and professionals are turning to ISACA's trusted and recognized Certified Information Security Manager qualification as a tried-and-true indicator of information security management expertise.

In Wiley's Certified Information Security Manager (CISM) Study Guide, you'll get the information you need to succeed on the demanding CISM exam. You'll also develop the IT security skills and confidence you need to prove yourself where it really counts: on the job.

Chapters are organized intuitively and by exam objective so you can easily keep track of what you've covered and what you still need to study. You'll also get access to a pre-assessment, so you can find out where you stand before you take your studies further.

Sharpen your skills with Exam Essentials and chapter review questions with detailed explanations in all four of the CISM exam domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management.

In this essential resource, you'll also:

* Grab a head start to an in-demand certification used across the information security industry
* Expand your career opportunities to include rewarding and challenging new roles only accessible to those with a CISM credential
* Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Perfect for anyone prepping for the challenging CISM exam or looking for a new role in the information security field, the Certified Information Security Manager (CISM) Study Guide is an indispensable resource that will put you on the fast track to success on the test and in your next job.

ABOUT THE AUTHOR

MIKE CHAPPLE, PHD, CISM, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com Introduction Assessment Test xxi

CHAPTER 1 TODAY’S INFORMATION SECURITY MANAGER 1

Information Security Objectives 2

Role of the Information Security Manager 3

Chief Information Security Officer 4

Lines of Authority 4

Organizing the Security Team 5

Roles and Responsibilities 7

Information Security Risks 8

The DAD Triad 8

Incident Impact 9

Building an Information Security Strategy 12

Threat Research 12

SWOT Analysis 13

Gap Analysis 13

Creating SMART Goals 16

Alignment with Business Strategy 16

Leadership Support 17

Internal and External Influences 17

Cybersecurity Responsibilities 18

Communication 19

Action Plans 19

Implementing Security Controls 20

Security Control Categories 21

Security Control Types 21

Data Protection 23

Summary 25

Exam Essentials 25

Review Questions 27

CHAPTER 2 INFORMATION SECURITY GOVERNANCE AND COMPLIANCE 31

Governance 33

Corporate Governance 33

Governance, Risk, and Compliance Programs 35

Information Security Governance 35

Developing Business Cases 36

Third- Party Relationships 37

Understanding Policy Documents 38

Policies 38

Standards 40

Procedures 42

Guidelines 43

Exceptions and Compensating Controls 44

Developing Policies 45

Complying with Laws and Regulations 46

Adopting Standard Frameworks 47

Cobit 47

NIST Cybersecurity Framework 49

NIST Risk Management Framework 52

ISO Standards 53

Benchmarks and Secure Configuration Guides 54

Security Control Verification and Quality Control 56

Summary 57

Exam Essentials 57

Review Questions 59

CHAPTER 3 INFORMATION RISK MANAGEMENT 63

Analyzing Risk 65

Risk Identification 66

Risk Calculation 67

Risk Assessment 68

Risk Treatment and Response 72

Risk Mitigation 73

Risk Avoidance 74

Risk Transference 74

Risk Acceptance 75

Risk Analysis 75

Disaster Recovery Planning 78

Disaster Types 78

Business Impact Analysis 79

Privacy 79

Sensitive Information Inventory 80

Information Classification 80

Data Roles and Responsibilities 82

Information Lifecycle 83

Privacy- Enhancing Technologies 83

Privacy and Data Breach Notification 84

Summary 84

Exam Essentials 85

Review Questions 86

CHAPTER 4 CYBERSECURITY THREATS 91

CHAPTER 5 EXPLORING CYBERSECURITY THREATS 92

Classifying Cybersecurity Threats 92

Threat Actors 94

Threat Vectors 99

Threat Data and Intelligence 101

Open Source Intelligence 101

Proprietary and Closed Source Intelligence 104

Assessing Threat Intelligence 105

Threat Indicator Management and Exchange 107

Public and Private Information Sharing Centers 108

Conducting Your Own Research 108

Summary 109

Exam Essentials 109

Review Questions 111

Information Security Program Development and Management 115

Information Security Programs 117

Establishing a New Program 117

Maintaining an Existing Program 121

Security Awareness and Training 123

User Training 123

Role- Based Training 124

Ongoing Awareness Efforts 124

Managing the Information Security Team 125

Hiring Team Members 126

Developing the Security Team 126

Managing the Security Budget 127

Organizational Budgeting 127

Fiscal Years 127

Expense Types 128

Budget Monitoring 129

Integrating Security with Other Business Functions 130

Procurement 130

Accounting 133

Human Resources 133

Information Technology 135

Audit 138

Summary 139

Exam Essentials 139

Review Questions 141

CHAPTER 6 SECURITY ASSESSMENT AND TESTING 145

Vulnerability Management 146

Identifying Scan Targets 146

Determining Scan Frequency 148

Configuring Vulnerability Scans 149

Scanner Maintenance 154

Vulnerability Scanning Tools 155

Reviewing and Interpreting Scan Reports 159

Validating Scan Results 160

Security Vulnerabilities 161

Patch Management 162

Legacy Platforms 163

Weak Configurations 164

Error Messages 164

Insecure Protocols 165

Weak Encryption 166

Penetration Testing 167

Adopting the Hacker Mindset 168

Reasons for Penetration Testing 169

Benefits of Penetration Testing 169

Penetration Test Types 170

Rules of Engagement 171

Reconnaissance 173

Running the Test 173

Cleaning Up 174

Training and Exercises 174

Summary 175

Exam Essentials 176

Review Questions 177

CHAPTER 7 CYBERSECURITY TECHNOLOGY 181

Endpoint Security 182

Malware Prevention 183

Endpoint Detection and Response 183

Data Loss Prevention 184

Change and Configuration Management 185

Patch Management 185

System Hardening 185

Network Security 186

Network Segmentation 186

Network Device Security 188

Network Security Tools 191

Cloud Computing Security 195

Benefits of the Cloud 196

Cloud Roles 198

Cloud Service Models 198

Cloud Deployment Models 202

Shared Responsibility Model 204

Cloud Standards and Guidelines 207

Cloud Security Issues 208

Cloud Security Controls 210

Cryptography 212

Goals of Cryptography 212

Symmetric Key Algorithms 214

Asymmetric Cryptography 215

Hash Functions 217

Digital Signatures 218

Digital Certificates 219

Certificate Generation and Destruction 220

Code Security 223

Software Development Life Cycle 223

Software Development Phases 224

Software Development Models 226

DevSecOps and DevOps 229

Code Review 230

Software Security Testing 232

Identity and Access Management 234

Identification, Authentication, and Authorization 234

Authentication Techniques 235

Authentication Errors 237

Single- Sign On and Federation 238

Provisioning and Deprovisioning 238

Account Monitoring 239

Summary 240

Exam Essentials 241

Review Questions 244

CHAPTER 8 INCIDENT RESPONSE 249

Security Incidents 251

Phases of Incident Response 252

Preparation 253

Detection and Analysis 254

Containment, Eradication, and Recovery 255

Post- Incident Activity 267

Building the Incident Response Plan 269

Policy 269

Procedures and Playbooks 270

Documenting the Incident Response Plan 270

Creating an Incident Response Team 272

Incident Response Providers 273

CSIRT Scope of Control 273

Coordination and Information Sharing 273

Internal Communications 274

External Communications 274

Classifying Incidents 274

Threat Classification 275

Severity Classification 276

Conducting Investigations 279

Investigation Types 279

Evidence 282

Plan Training, Testing, and Evaluation 288

Summary 289

Exam Essentials 290

Review Questions 292

CHAPTER 9 BUSINESS CONTINUITY AND DISASTER RECOVERY 297

Planning for Business Continuity 298

Project Scope and Planning 299

Organizational Review 300

BCP Team Selection 301

Resource Requirements 302

Legal and Regulatory Requirements 303

Business Impact Analysis 304

Identifying Priorities 305

Risk Identification 306

Likelihood Assessment 308

Impact Analysis 309

Resource Prioritization 310

Continuity Planning 310

Strategy Development 311

Provisions and Processes 311

Plan Approval and Implementation 313

Plan Approval 313

Plan Implementation 314

Training and Education 314

BCP Documentation 314

The Nature of Disaster 318

Natural Disasters 319

Human- Made Disasters 324

System Resilience, High Availability, and Fault Tolerance 327

Protecting Hard Drives 328

Protecting Servers 329

Protecting Power Sources 331

Recovery Strategy 331

Business Unit and Functional Priorities 332

Crisis Management 333

Emergency Communications 334

Workgroup Recovery 334

Alternate Processing Sites 334

Database Recovery 338

Recovery Plan Development 340

Emergency Response 341

Personnel and Communications 341

Assessment 342

Backups and Offsite Storage 342

Utilities 345

Logistics and Supplies 345

Training, Awareness, and Documentation 345

Testing and Maintenance 346

Read- Through Test 346

Structured Walk- Through 346

Simulation Test 347

Parallel Test 347

Full- Interruption Test 347

Lessons Learned 347

Maintenance 348

Summary 349

Exam Essentials 349

Review Questions 351

Appendix Answers to the Review Questions 357

Chapter 1: Today’s Information Security Manager 358

Chapter 2: Information Security Governance and Compliance 360

Chapter 3: Information Risk Management 362

Chapter 4: Cybersecurity Threats 363

Chapter 5: Information Security Program Development and Management 365

Chapter 6: Security Assessment and Testing 368

Chapter 7: Cybersecurity Technology 370

Chapter 8: Incident Response 372

Chapter 9: Business Continuity and Disaster Recovery 374

Index 377