Cism Review Manual 2016 S

ABOUT THE AUTHOR

Peter H. Gregory, CISM, CISA, CRISC, CISSP, CCISO, CCSK, PCI-QSA, is a 30-year career technologist and an executive director at Optiv Security, the largest pure-play cybersecurity solutions provider in the Americas. He has been developing and managing information security management programs since 2002 and has been leading the development and testing of secure IT environments since 1990. In addition, he has spent many years as a software engineer and architect, systems engineer, network engineer, security engineer, and systems operator. Throughout his career, he has written many articles, white papers, user manuals, processes, and procedures, and he has conducted numerous lectures, training classes, seminars, and university courses. Peter is the author of more than 40 books about information security and technology, including Solaris Security, CISSP Guide to Security Essentials, and CISA Certified Information Systems Auditor All-In-One Study Guide. He has spoken at numerous industry conferences including RSA, Interop, SecureWorld Expo, West Coast Security Forum, IP3, Society for Information Management, the Washington Technology Industry Association, and InfraGard.

Peter is an advisory board member at the University of Washington's certificate program in information security and risk management, the lead instructor (emeritus) and advisory board member for the University of Washington certificate program in cybersecurity, a former board member of the Washington State chapter of InfraGard, and a founding member of the Pacific CISO Forum. He is a 2008 graduate of the FBI Citizens' Academy and a member of the FBI Citizens' Academy Alumni Association. Peter resides with his family in the Seattle, Washington, area and can be found at www.peterhgregory.com.

About the Technical Editor

Jay Burke, CISSP, CISM, is a highly accomplished information security professional with more than 20 years of operational and executive experience across a variety of industries. Mr. Burke has worked with customers of different sizes and types to build, enhance, and manage best-in-class cybersecurity programs. As an executive-level security professional he has led detailed maturity assessments as well as facilitated executive workshops to assist CISOs in maturing their cybersecurity programs. His practical experience includes engagements addressing strategic consulting, project management, regulatory compliance (Sarbanes-Oxley, Payment Card Industry, NERC CIP, HIPAA, SOC 1 and 2), and cybersecurity program development leveraging ISO 27001/2, NIST 800-53, Cloud Security Alliance CCM, Shared Assessments SIG, and Unified Compliance Framework. Jay currently serves as the director of strategy and governance for Kudelski Security, an independent cybersecurity solutions provider supporting large enterprise and public-sector clients in Europe and the United States.

Copyright 2018 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

ISBN: 978-1-26-002704-4
MHID: 1-26-002704-X

The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-002703-7, MHID: 1-26-002703-1.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw-Hill Education from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education's prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED "AS IS." McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
To current and aspiring security managers everywhere who want to do the right thing, through professional growth and practicing sound security and risk management techniques, to keep their organizations out of trouble.

CONTENTS AT A GLANCE

Chapter 1 Becoming a CISM
Chapter 2 Information Security Governance
Chapter 3 Information Risk Management
Chapter 4 Information Security Program Development and Management
Chapter 5 Information Security Incident Management
Appendix About the Download
Glossary
Index

CONTENTS

Acknowledgments
Introduction

Chapter 1 Becoming a CISM
  Benefits of CISM Certification
  Becoming a CISM Professional
  Experience Requirements
  ISACA Code of Professional Ethics
  The Certification Exam
  Exam Preparation
  Before the Exam
  Day of the Exam
  After the Exam
  Applying for CISM Certification
  Retaining Your CISM Certification
  Continuing Education
  CPE Maintenance Fees
  Revocation of Certification
  Summary

Chapter 2 Information Security Governance
  Introduction to Information Security Governance
  Reason for Security Governance
  Security Governance Activities and Results
  Business Alignment
  Roles and Responsibilities
  Monitoring Responsibilities
  Information Security Governance Metrics
  The Security Balanced Scorecard
  Business Model for Information Security
  Security Strategy Development
  Strategy Objectives
  Control Frameworks
  Risk Objectives
  Strategy Resources
  Strategy Development
  Strategy Constraints
  Chapter Review
  Notes
  Questions
  Answers

Chapter 3 Information Risk Management
  Risk Management Concepts
  The Importance of Risk Management
  Outcomes of Risk Management
  Risk Management Technologies
  Implementing a Risk Management Program
  Risk Management Strategy
  Risk Management Frameworks
  Risk Management Context
  Gap Analyses
  External Support
  The Risk Management Life Cycle
  The Risk Management Process
  Risk Management Methodologies
  Asset Identification and Valuation
  Asset Classification
  Asset Valuation
  Threat Identification
  Vulnerability Identification
  Risk Identification
  Risk, Likelihood, and Impact
  Risk Analysis Techniques and Considerations
  Operational Risk Management
  Risk Management Objectives
  Risk Management and Business Continuity Planning
  Third-Party Risk Management
  The Risk Register
  Integration of Risk Management into Other Processes
  Risk Monitoring and Reporting
  Key Risk Indicators
  Training and Awareness
  Risk Documentation
  Chapter Review
  Notes
  Questions
  Answers

Chapter 4 Information Security Program Development and Management
  Information Security Programs
  Outcomes
  Charter
  Scope
  Information Security Management Frameworks
  Defining a Road Map
  Information Security Architecture
  Security Program Management
  Security Governance
  Risk Management
  The Risk Management Program
  The Risk Management Process
  Risk Treatment
  Audits and Reviews
  Policy Development
  Third-Party Risk Management
  Administrative Activities
  Security Program Operations
  Event Monitoring
  Vulnerability Management
  Secure Engineering and Development
  Network Protection
  Endpoint Protection and Management
  Identity and Access Management
  Security Incident Management
  Security Awareness Training
  Managed Security Services Providers
  Data Security
  Business Continuity Planning
  IT Service Management
  Service Desk
  Incident Management
  Problem Management
  Change Management
  Configuration Management
  Release Management
  Service-Level Management
  Financial Management
  Capacity Management
  Service Continuity Management
  Availability Management
  Asset Management
  Controls
  Control Classification
  Internal Control Objectives
  Information Systems Control Objectives
  General Computing Controls
  Control Frameworks
  Controls Development
  Control Assessment
  Metrics and Monitoring
  Types of Metrics
  Audiences
  Continuous Improvement
  Chapter Review
  Notes
  Questions
  Answers

Chapter 5 Information Security Incident Management
  Security Incident Response Overview
  Phases of Incident Response
  Incident Response Plan Development
  Objectives
  Maturity
  Resources
  Roles and Responsibilities
  Gap Analysis
  Plan Development
  Responding to Security Incidents
  Detection
  Initiation
  Evaluation
  Eradication
  Recovery
  Remediation
  Closure
  Post-incident Review
  Business Continuity and Disaster Recovery Planning
  Business Continuity Planning
  Disaster Recovery Planning
  Testing BC and DR Plans
  Chapter Review
  Notes
  Questions
  Answers

Appendix About the Download
  System Requirements
  Installing and Running Total Tester
  About Total Tester
  Technical Support

Glossary
Index

Figure Credits

Figure 2-2 Adapted from The Business Model for Information Security, ISACA.
Figure 2-4 Adapted from The University of Southern California, Marshall School of Business, Institute for Critical Information Infrastructure Protection, USA.
Figure 2-5 Courtesy Xhienne: SWOT pt.svg, CC BY-SA 2.5, curid 2838770.
Figure 2-6 Courtesy High Tech Security Solutions Magazine.
Figure 3-2 Source: National Institute for Standards and Technology.
Figure 4-1 Courtesy The Open Group.
Figure 4-9 Courtesy Bluefoxicy at en.wikipedia.org.
Figure 5-3 Source: NASA.

ACKNOWLEDGMENTS

I am especially grateful to Wendy Rinaldi for affirming the need to have this book published on a tight timeline. My readers, including current and future security managers, deserve nothing less. Heartfelt thanks to Claire Yee for proficiently managing this project, facilitating rapid turnaround, and equipping me with information I needed to produce the manuscript. I would like to thank my former consulting colleague, Jay Burke, who took on the task of tech reviewing the manuscript. Jay carefully and thoughtfully scrutinized the entire draft manuscript and made scores of useful suggestions that have improved the book's quality and value for readers. Many thanks to Jody McKenzie and Vivek Khandelwal for managing the editorial and production ends of the project, and to Kim Wimpsett for copyediting the book and further improving readability. Much appreciation to MPS Limited for expertly rendering my sketches into beautifully clear line art and for laying out the pages.
Like Olympic athletes, they make hard work look easy. Many thanks to my literary agent, Carole Jelen, for diligent assistance during this and other projects. Sincere thanks to Rebecca Steele, my business manager and publicist, for her long-term vision and for keeping me on track. Despite having written more than 40 books, I have difficulty putting into words my gratitude for my wife, Rebekah, for tolerating my frequent absences (in the home office and away on business travel) while I developed the manuscript. This project could not have been completed without her loyal and unfailing support.

INTRODUCTION

The dizzying pace of information systems innovation has made vast expanses of information available to organizations and the public. Often, design flaws and technical vulnerabilities bring unintended consequences, usually in the form of information theft and disclosure. The result: a patchwork of laws, regulations, and standards such as Sarbanes-Oxley, GDPR, Gramm-Leach-Bliley, HIPAA, PCI-DSS, PIPEDA, NERC CIP, and scores of U.S. state laws requiring public disclosure of security breaches involving private information. Through these, organizations are either required or incentivized to build or improve their information security programs to avoid security breaches, penalties, sanctions, and embarrassing news headlines.

These developments continue to drive demand for information security professionals and information security leaders. These highly sought professionals play a crucial role in the development of better information security programs that result in reduced risk and improved confidence.

The Certified Information Security Manager (CISM) certification, established in 2002, is the leading certification for information security management. Demand for the CISM certification has grown so much that the once-per-year certification exam was changed to twice per year in 2005 and is now offered multiple times each year. In 2005, the CISM certification was awarded accreditation by the American National Standards Institute (ANSI) under international standard ISO/IEC 17024. CISM is also one of the few certifications formally approved by the U.S. Department of Defense in its Information Assurance Technical category (DoD 8570.01-M). In 2017, CISM was a finalist in SC Magazine's Best Professional Certification Program. There are now more than 34,000 professionals with the certification.

Purpose of This Book

Let's get the obvious out of the way: this is a comprehensive study guide for the security management professional who needs a serious reference for individual or group-led study for the Certified Information Security Manager (CISM) certification. The content in this book contains the technical information that CISM candidates are required to know. This book is one source of information to help you prepare for the CISM exam but should not be thought of as the ultimate collection of all the information and experience that ISACA expects qualified CISM candidates to possess. No one publication covers all of this information.

This book is also a reference for aspiring and practicing IT security managers and CISOs. The content that is required to pass the CISM exam is the same content that practicing security managers need to be familiar with in their day-to-day work. This book is an ideal CISM exam study guide as well as a desk reference for those who have already earned their CISM certification.

This book is also invaluable for information security professionals who are not in a leadership position today. You will gain considerable insight into today's information security management challenges. This book is also useful for IT and business management professionals who work with information security leaders and need to better understand what they are doing and why. This book is an excellent guide for anyone exploring a security management career. The study chapters explain all the relevant technologies, techniques, and processes used to manage a modern information security program. This is useful if you are wondering what the security management profession is all about.

How This Book Is Organized

This book is logically divided into four major sections:

- Introduction: The "front matter" of the book and Chapter 1 provide an overview of the CISM certification and the information security management profession.
- CISM study material: Chapters 2 through 5 contain everything a studying CISM candidate is responsible for. This same material is a handy desk reference for aspiring and practicing information security managers.
- Glossary: There are more than 550 terms used in the information security management profession.
- Practice exams: The Appendix explains the online CISM practice exam and Total Tester software accompanying this book.

CHAPTER 1
Becoming a CISM

In this chapter, you will learn about

- What it means to be a CISM-certified professional
- ISACA, its code of ethics, and its standards
- The certification process
- How to apply for the exam
- How to maintain your certification
- How to get the most from your CISM journey

Congratulations on choosing to become a Certified Information Security Manager (CISM)! Whether you have worked for several years in the field of information security or have just recently been introduced to the world of security, governance, risk management, and disaster recovery planning, don't underestimate the hard work and dedication required to obtain and maintain CISM certification. Although ambition and motivation are required, the rewards can far exceed the effort.

You may not have imagined you would find yourself working in the world of information security (or infosec, as it's often called) or looking to obtain an information security management certification. Perhaps the increase in legislative or regulatory requirements for information system security led to your introduction to this field. Or possibly you have noticed that CISM-related career options are increasing exponentially and you have decided to get ahead of the curve. You aren't alone: in the past 15 years, more than 34,000 professionals worldwide reached the same conclusion and have earned the well-respected CISM certification. In its 2016 salary survey, Global Knowledge ranked CISM as one of the top three paying certifications for 2016. CISM was selected as a 2014 SC Magazine Award Finalist for Best Professional Certification Program. The IT Skills and Certifications Pay Index from Foote Partners consistently ranks CISM among the most sought-after IT certifications. In 2017, CISM was a finalist in SC Magazine's Best Professional Certification Program and was a finalist for Best Professional Training or Certification Programme at SC Awards Europe. It's hard to find a professional certification with so many accolades.

Welcome to the journey and the amazing opportunities that await you. I have put together this information to help you further understand the commitment needed, prepare for the exam, and maintain your certification. Not only is it my wish to see you pass the exam with flying colors, but I also provide you with the information and resources to maintain your certification and to proudly represent yourself and the professional world of information security management with your new credentials.

ISACA (formerly known as the Information Systems Audit and Control Association) is a recognized leader in the areas of control, assurance, and IT governance. Formed in 1967, this nonprofit organization represents more than 140,000 professionals in more than 180 countries. ISACA administers several exam certifications, including the CISM, the Certified Information Systems Auditor (CISA), the Certified in Risk and Information Systems Control (CRISC), and the Certified in the Governance of Enterprise IT (CGEIT) certifications. The CISM certification program has been accredited by the American National Standards Institute (ANSI) under International Organization for Standardization and International Electrotechnical Commission standard ISO/IEC 17024:2003, which means that ISACA's procedures for accreditation meet international requirements for quality, continuous improvement, and accountability.

If you're new to ISACA, I recommend you tour the web site and become familiar with the guides and resources available. In addition, if you're near one of the 200 local ISACA chapters in 80 countries, consider taking part in the activities and even reaching out to the chapter board for information on local meetings, training days, conferences, and study sessions. You may be able to meet other information security professionals who can give you additional insight into the CISM certification and the information security management profession.

The CISM certification was established in 2002 and primarily focuses on security management, security governance, risk management, and business continuity planning. It certifies the individual's knowledge of establishing information security strategies, building and managing an information security program, preparing for and responding to security incidents, and business continuity planning. Organizations seek out qualified personnel for assistance with developing and maintaining strong and effective security programs. A CISM-certified individual is a great candidate for this.

Benefits of CISM Certification

Obtaining the CISM certification offers several significant benefits:

Expands knowledge and skills; builds confidence. Developing knowledge and skills in the areas of security strategy, building and managing a security program, and responding to incidents can prepare you for advancement or expand your scope of responsibilities. The personal and professional achievement can boost confidence that encourages you to move forward and seek new career opportunities.

Increases marketability and career options. Because of various legal and regulatory requirements, such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley, Gramm Leach Bliley Act (GLBA), Food and Drug Administration (FDA), Federal Energy Regulatory Commission/North American Electric Reliability Corporation (FERC/NERC), and the European General Data Protection Regulation (GDPR), demand is growing for individuals with experience in developing and running security programs. In addition, obtaining your CISM certification demonstrates to current and potential employers your willingness and commitment to improve your
