The CISM Prep Guide: Mastering the Five Domains of Information Security Management

* Prepares readers for the Certified Information Security Manager (CISM) exam, ISACA's new certification that launches in June 2003
* CISM is business-oriented and intended for the individual who must manage, design, oversee, and assess an enterprise's information security
* Essential reading for those who are cramming for this new test and need an authoritative study guide
* Many out-of-work IT professionals are seeking security management certification as a vehicle to re-employment
* CD-ROM includes a Boson-powered test engine with all the questions and answers from the book
Contents
Sample Questions
Risk Management
NIST RA Process
Sample Questions
Information Security Program Management
Sample Questions
Information Security Management
Monitoring and Auditing
Sample Questions
Common terms and phrases
access control accreditation algorithm Annualized Loss Expectancy Answers to Sample Appendix application asset attack audit trail authentication automated backup Bell-LaPadula Bell-LaPadula model Biba model business continuity plan Capability Maturity Model certificates changes ciphertext computer security confidentiality configuration management correct answer cost cryptography decrypt defined digital signatures disaster recovery discretionary access control documents employees ensure evaluated event example firewall function hardware identify impact implementation individual information security Information Security Program information system security Internet intrusion detection key encryption mandatory access control message digest monitoring object operation organization organization’s password performance personnel phase plaintext potential private key procedures protection Protocol public key risk analysis risk assessment safeguard Sample Questions scanning secret key security awareness security controls security policy senior management sensitivity server software development specific standard testing threat unauthorized verification vulnerability Waterfall model