Professional Documents
Culture Documents
CISM Certified Information Security Manager All-in-One Exam Guide, 2nd Edition Peter H. Gregory full chapter instant download
CISM Certified Information Security Manager All-in-One Exam Guide, 2nd Edition Peter H. Gregory full chapter instant download
https://ebookmass.com/product/cism-certified-information-
security-manager-practice-exams-second-edition-peter-h-gregory/
https://ebookmass.com/product/cipm-certified-information-privacy-
manager-all-in-one-exam-guide-1st-edition-gregory/
https://ebookmass.com/product/cdpse-certified-data-privacy-
solutions-engineer-all-in-one-exam-guide-peter-h-gregory-peter-h-
gregory/
https://ebookmass.com/product/cdpse-certified-data-privacy-
solutions-engineer-all-in-one-exam-guide-peter-h-gregory-2/
CDPSE Certified Data Privacy Solutions Engineer All-in-
One Exam Guide Peter H. Gregory
https://ebookmass.com/product/cdpse-certified-data-privacy-
solutions-engineer-all-in-one-exam-guide-peter-h-gregory/
https://ebookmass.com/product/crisc-certified-in-risk-and-
information-systems-control-all-in-one-exam-guide-second-edition-
peter-gregory/
https://ebookmass.com/product/crisc-certified-in-risk-and-
information-systems-control-all-in-one-exam-guide-second-
edition-2nd-edition-peter-h-gregory-bobby-e-rogers-dawn-
dunkerley/
https://ebookmass.com/product/cciso-certified-chief-information-
security-officer-all-in-one-exam-guide-steve-bennett/
https://ebookmass.com/product/cism-all-in-one-gregory/
ALL IN ONE
CISM
®
Certified Information
Security Manager
EXAM GUIDE
Second Edition
This page intentionally left blank
ALL IN ONE
CISM
®
Certified Information
Security Manager
EXAM GUIDE
Second Edition
Peter H. Gregory
McGraw Hill is an independent entity rom ISACA® and is not afliated with ISACA in any manner. Tis study/training guide and/or material
is not sponsored by, endorsed by, or afliated with ISACA in any manner. Tis publication and accompanying media may be used in assisting
students to prepare or Te CISM exam. Neither ISACA nor McGraw Hill warrants that use o this publication and accompanying media will
ensure passing any exam.
Copyright © 2023 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no
part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and
executed in a computer system, but they may not be reproduced for publication.
ISBN: 978-1-26-426832-0
MHID: 1-26-426832-7
The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-426831-3,
MHID: 1-26-426831-9.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trade-
marked name, we use names in an editorial fashion only, and to the benet of the trademark owner, with no intention of infringe-
ment of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw Hill eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate
training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of hu-
man or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or
completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such
information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit,
distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You
may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to
use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED
FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK
VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, IN-
CLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICU-
LAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work
will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its
licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any
damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through
the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special,
punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been
advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such
claim or cause arises in contract, tort or otherwise.
o Rebekah, the love o my lie.
This page intentionally left blank
ABOUT THE AUTHOR
Peter H. Gregory, CISM, CISA, CRISC, CDPSE, CISSP, CIPM, DRCE, CCSK,
is a 30-year career technologist and a security leader in a regional telecommunications
company. He has been developing and managing inormation security management
programs since 2002 and has been leading the development and testing o secure I
environments since 1990. Peter has also spent many years as a sotware engineer and
architect, systems engineer, network engineer, and security engineer.
Peter is the author o more than 50 books about inormation security and technology,
including Solaris Security, CIPM Certified Information Privacy Manager All-in-One Exam
Guide, and CISA Certified Information Systems Auditor All-in-One Exam Guide. He has
spoken at numerous industry conerences, including RSA, Interop, (ISC)² Security
Congress, ISACA CACS, SecureWorld Expo, West Coast Security Forum, IP3, Source
Conerence, Society or Inormation Management, the Washington echnology Industry
Association, and InraGard. Interviews o Peter appear in SC Magazine, U.S. News &
World Report, CNET News, SearchSecurity, Information Security Magazine, CIO, The
Seattle Times, and Forbes.
Peter serves on advisory boards or cybersecurity education programs at the University
o Washington and the University o South Florida. He was the lead instructor or nine
years in the University o Washington certiicate program in applied cybersecurity, a
ormer board member o the Washington State chapter o InraGard, and a ounding
member o the Paciic CISO Forum. He is a 2008 graduate o the FBI Citizens’ Academy
and a member o the FBI Citizens’ Academy Alumni Association. Peter is an executive
member o the CyberEdBoard and the Forbes echnology Council.
Peter resides with his amily in Washington state and can be ound online at
www.peterhgregory.com.
Disclaimer
None o the inormation in this book relects the security posture or practices o any
current or ormer employer or client.
CONTENTS AT A GLANCE
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
ix
This page intentionally left blank
CONTENTS
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
xi
CISM Certified Information Security Manager All-in-One Exam Guide
xii
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Chapter 2 Inormation Security Strategy ................................ 37
Inormation Security Strategy Development . . . . . . . . . . . . . . . . . . 38
Strategy Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Strategy Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Strategy Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Strategy Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Strategy Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Inormation Governance Frameworks and Standards . . . . . . . . . . . 72
Business Model or Inormation Security ............... 73
he Zachman Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
he Open Group Architecture Framework . . . . . . . . . . . . . . 83
ISO/IEC 27001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
NIS Cybersecurity Framework . . . . . . . . . . . . . . . . . . . . . . 85
NIS Risk Management Framework . . . . . . . . . . . . . . . . . . . 87
Strategic Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Roadmap Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Developing a Business Case . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Figure Credits
Figure 2-1 Courtesy Xhienne: SWO pt.svg, CC BY-SA 2.5, https://
commons.wikimedia.org/w/index.php?curid=2838770.
Figure 2-2 Adapted rom the Business Model or Inormation Security,
ISACA.
Figure 2-3 Adapted rom the University o Southern Caliornia Marshall
School o Business Institute or Critical Inormation Inrastructure
Protection, USA.
Figure 2-5 Courtesy he Open Group.
Figure 2-7 Courtesy High Tech Security Solutions magazine.
Figure 3-1 Source: National Institute or Standards and echnology.
Figure 6-8 Courtesy Blueoxicy at en.wikipedia.org.
Figure 7-4 Source: NASA.
Figure 7-6 Courtesy Gustavo Basso.
Figure 7-7 Courtesy John Crowley at en.wikipedia.org.
This page intentionally left blank
Another random document with
no related content on Scribd:
“Now, the widow wants to see the letter and the parcel—the
outside of them, I mean.”
“Well, there is no objection,” said the squire. And he made a move
to reach his valise.
But Le hastily anticipated him and brought it.
The kind-hearted squire unlocked the case, found the letter and
the parcel, and gave them into the hands of the young waitress.
“Oo! Thanky’, sir. Thanky’, ma’am. Thanky’,” she said, and
continued to say, bobbing courtesies, and turning over and staring at
the letter and the parcel as she took them out of the room.
“Wynnette, my dear, you find out everything; but you have missed
your vocation. You ought to have been a newspaper correspondent or
a detective.”
“I know it, papa. I know it!” exclaimed the girl, with a very
demonstrative sigh. “And that’s the complaint with most of us. We’re
nearly all out of place, and therefore in pain, like dislocated limbs.
And that’s what’s the matter with humanity. Almost all its members
are put out of joint.”
The rich glow of the summer sunset was slowly fading from the
west.
Lights were brought in by the factotum, Jonah, who placed two on
the tea table, and then proceeded to light the two that stood upon the
mantelpiece.
Having done this, the man stood waiting orders.
“Have you put up the carriage?” inquired Mr. Force.
“Naw, maister. The carriage be waiting.”
“Well, then, you may just as well put it up. It is growing dark, and I
do not feel like crossing the moor at this time of night. We will stay
here, if you can let us have bedrooms.”
“Surely, maister, we ha’ rooms enough. I’ll call Hetty.”
The chambermaid was called, and bringing the letter and parcel,
still unopened, and her “mawther’s” duty and thanks to the
gentlefolks for letting her see the outside of them.
Hetty, on being interviewed on the subject of sleeping
accommodations, declared in effect that “The White Cow” could
provide comfortable quarters for the whole party, for if the two
gentlemen would share the double-bedded chamber over the
taproom, the young lady could have the large single-bedded chamber
over the parlor.
“That will be perfectly lovely. I did long to sleep in that very room,
at least for one night,” said Wynnette, without waiting for any one
else to speak.
“All right, then. That will do. We will stay. Eh, Le?” said the squire,
turning to his young companion.
“Certainly, uncle. The half of a large bedded chamber is ample
space for one used to a hammock,” replied Le.
So it was settled, and as the travelers were fatigued, they retired
early.
CHAPTER XXXIV
ANGLEWOOD MANOR