CISM Certified Information Security Manager Study Guide (Sybex Study Guide)

From the series Sybex Study Guide

Save 20%: €48.99 (RRP €61.90), incl. VAT, free shipping

Details

Sales rank: 34795
Binding: Paperback
Publication date: 14.07.2022
Publisher: John Wiley & Sons
Page count: 432
Dimensions (L/W/H): 22,7/13,6/2,1 cm
Weight: 612 g
Edition: 1st edition
Language: English
ISBN: 978-1-119-80193-1


Manufacturer address

Libri GmbH
Europaallee 1
36244 Bad Hersfeld
DE

Email: gpsr@libri.de

Contents

    Introduction / Assessment Test xxi

    Chapter 1 Today's Information Security Manager 1

    Information Security Objectives 2

    Role of the Information Security Manager 3

    Chief Information Security Officer 4

    Lines of Authority 4

    Organizing the Security Team 5

    Roles and Responsibilities 7

    Information Security Risks 8

    The DAD Triad 8

    Incident Impact 9

    Building an Information Security Strategy 12

    Threat Research 12

    SWOT Analysis 13

    Gap Analysis 13

    Creating SMART Goals 16

    Alignment with Business Strategy 16

    Leadership Support 17

    Internal and External Influences 17

    Cybersecurity Responsibilities 18

    Communication 19

    Action Plans 19

    Implementing Security Controls 20

    Security Control Categories 21

    Security Control Types 21

    Data Protection 23

    Summary 25

    Exam Essentials 25

    Review Questions 27

    Chapter 2 Information Security Governance and Compliance 31

    Governance 33

    Corporate Governance 33

    Governance, Risk, and Compliance Programs 35

    Information Security Governance 35

    Developing Business Cases 36

    Third-Party Relationships 37

    Understanding Policy Documents 38

    Policies 38

    Standards 40

    Procedures 42

    Guidelines 43

    Exceptions and Compensating Controls 44

    Developing Policies 45

    Complying with Laws and Regulations 46

    Adopting Standard Frameworks 47

    COBIT 47

    NIST Cybersecurity Framework 49

    NIST Risk Management Framework 52

    ISO Standards 53

    Benchmarks and Secure Configuration Guides 54

    Security Control Verification and Quality Control 56

    Summary 57

    Exam Essentials 57

    Review Questions 59

    Chapter 3 Information Risk Management 63

    Analyzing Risk 65

    Risk Identification 66

    Risk Calculation 67

    Risk Assessment 68

    Risk Treatment and Response 72

    Risk Mitigation 73

    Risk Avoidance 74

    Risk Transference 74

    Risk Acceptance 75

    Risk Analysis 75

    Disaster Recovery Planning 78

    Disaster Types 78

    Business Impact Analysis 79

    Privacy 79

    Sensitive Information Inventory 80

    Information Classification 80

    Data Roles and Responsibilities 82

    Information Lifecycle 83

    Privacy-Enhancing Technologies 83

    Privacy and Data Breach Notification 84

    Summary 84

    Exam Essentials 85

    Review Questions 86

    Chapter 4 Cybersecurity Threats 91

    Exploring Cybersecurity Threats 92

    Classifying Cybersecurity Threats 92

    Threat Actors 94

    Threat Vectors 99

    Threat Data and Intelligence 101

    Open Source Intelligence 101

    Proprietary and Closed Source Intelligence 104

    Assessing Threat Intelligence 105

    Threat Indicator Management and Exchange 107

    Public and Private Information Sharing Centers 108

    Conducting Your Own Research 108

    Summary 109

    Exam Essentials 109

    Review Questions 111

    Chapter 5 Information Security Program Development and Management 115

    Information Security Programs 117

    Establishing a New Program 117

    Maintaining an Existing Program 121

    Security Awareness and Training 123

    User Training 123

    Role-Based Training 124

    Ongoing Awareness Efforts 124

    Managing the Information Security Team 125

    Hiring Team Members 126

    Developing the Security Team 126

    Managing the Security Budget 127

    Organizational Budgeting 127

    Fiscal Years 127

    Expense Types 128

    Budget Monitoring 129

    Integrating Security with Other Business Functions 130

    Procurement 130

    Accounting 133

    Human Resources 133

    Information Technology 135

    Audit 138

    Summary 139

    Exam Essentials 139

    Review Questions 141

    Chapter 6 Security Assessment and Testing 145

    Vulnerability Management 146

    Identifying Scan Targets 146

    Determining Scan Frequency 148

    Configuring Vulnerability Scans 149

    Scanner Maintenance 154

    Vulnerability Scanning Tools 155

    Reviewing and Interpreting Scan Reports 159

    Validating Scan Results 160

    Security Vulnerabilities 161

    Patch Management 162

    Legacy Platforms 163

    Weak Configurations 164

    Error Messages 164

    Insecure Protocols 165

    Weak Encryption 166

    Penetration Testing 167

    Adopting the Hacker Mindset 168

    Reasons for Penetration Testing 169

    Benefits of Penetration Testing 169

    Penetration Test Types 170

    Rules of Engagement 171

    Reconnaissance 173

    Running the Test 173

    Cleaning Up 174

    Training and Exercises 174

    Summary 175

    Exam Essentials 176

    Review Questions 177

    Chapter 7 Cybersecurity Technology 181

    Endpoint Security 182

    Malware Prevention 183

    Endpoint Detection and Response 183

    Data Loss Prevention 184

    Change and Configuration Management 185

    Patch Management 185

    System Hardening 185

    Network Security 186

    Network Segmentation 186

    Network Device Security 188

    Network Security Tools 191

    Cloud Computing Security 195

    Benefits of the Cloud 196

    Cloud Roles 198

    Cloud Service Models 198

    Cloud Deployment Models 202

    Shared Responsibility Model 204

    Cloud Standards and Guidelines 207

    Cloud Security Issues 208

    Cloud Security Controls 210

    Cryptography 212

    Goals of Cryptography 212

    Symmetric Key Algorithms 214

    Asymmetric Cryptography 215

    Hash Functions 217

    Digital Signatures 218

    Digital Certificates 219

    Certificate Generation and Destruction 220

    Code Security 223

    Software Development Life Cycle 223

    Software Development Phases 224

    Software Development Models 226

    DevSecOps and DevOps 229

    Code Review 230

    Software Security Testing 232

    Identity and Access Management 234

    Identification, Authentication, and Authorization 234

    Authentication Techniques 235

    Authentication Errors 237

    Single Sign-On and Federation 238

    Provisioning and Deprovisioning 238

    Account Monitoring 239

    Summary 240

    Exam Essentials 241

    Review Questions 244

    Chapter 8 Incident Response 249

    Security Incidents 251

    Phases of Incident Response 252

    Preparation 253

    Detection and Analysis 254

    Containment, Eradication, and Recovery 255

    Post-Incident Activity 267

    Building the Incident Response Plan 269

    Policy 269

    Procedures and Playbooks 270

    Documenting the Incident Response Plan 270

    Creating an Incident Response Team 272

    Incident Response Providers 273

    CSIRT Scope of Control 273

    Coordination and Information Sharing 273

    Internal Communications 274

    External Communications 274

    Classifying Incidents 274

    Threat Classification 275

    Severity Classification 276

    Conducting Investigations 279

    Investigation Types 279

    Evidence 282

    Plan Training, Testing, and Evaluation 288

    Summary 289

    Exam Essentials 290

    Review Questions 292

    Chapter 9 Business Continuity and Disaster Recovery 297

    Planning for Business Continuity 298

    Project Scope and Planning 299

    Organizational Review 300

    BCP Team Selection 301

    Resource Requirements 302

    Legal and Regulatory Requirements 303

    Business Impact Analysis 304

    Identifying Priorities 305

    Risk Identification 306

    Likelihood Assessment 308

    Impact Analysis 309

    Resource Prioritization 310

    Continuity Planning 310

    Strategy Development 311

    Provisions and Processes 311

    Plan Approval and Implementation 313

    Plan Approval 313

    Plan Implementation 314

    Training and Education 314

    BCP Documentation 314

    The Nature of Disaster 318

    Natural Disasters 319

    Human-Made Disasters 324

    System Resilience, High Availability, and Fault Tolerance 327

    Protecting Hard Drives 328

    Protecting Servers 329

    Protecting Power Sources 331

    Recovery Strategy 331

    Business Unit and Functional Priorities 332

    Crisis Management 333

    Emergency Communications 334

    Workgroup Recovery 334

    Alternate Processing Sites 334

    Database Recovery 338

    Recovery Plan Development 340

    Emergency Response 341

    Personnel and Communications 341

    Assessment 342

    Backups and Offsite Storage 342

    Utilities 345

    Logistics and Supplies 345

    Training, Awareness, and Documentation 345

    Testing and Maintenance 346

    Read-Through Test 346

    Structured Walk-Through 346

    Simulation Test 347

    Parallel Test 347

    Full-Interruption Test 347

    Lessons Learned 347

    Maintenance 348

    Summary 349

    Exam Essentials 349

    Review Questions 351

    Appendix Answers to the Review Questions 357

    Chapter 1: Today's Information Security Manager 358

    Chapter 2: Information Security Governance and Compliance 360

    Chapter 3: Information Risk Management 362

    Chapter 4: Cybersecurity Threats 363

    Chapter 5: Information Security Program Development and Management 365

    Chapter 6: Security Assessment and Testing 368

    Chapter 7: Cybersecurity Technology 370

    Chapter 8: Incident Response 372

    Chapter 9: Business Continuity and Disaster Recovery 374

    Index 377