The CISM Review Manual 2009 is a comprehensive reference guide designed to assist individuals in preparing for the Certified Information Security Manager® (CISM®) exam and individuals wishing to understand the roles and responsibilities of an IS manager. The manual has evolved extensively over the past five editions and now represents the most current, comprehensive, globally peer-reviewed information security management resource available.
In response to the evolving field of information security management, the extensively expanded and revised 2009 version of the CISM Review Manual continues to move away from the subject of technology and closer to the strategic governance and management aspects of security. There is increasing emphasis on the overarching concepts essential for effective information security management in addition to a focus on the critical thinking and sound judgment required for development and management of increasingly massive and complex security systems and related processes. This publication includes a new and expanded approach to the development of effective security management metrics, based on research projects sponsored by the IT Governance Institute. There is a substantial increase in the scope and depth of coverage on risk management. An expanded focus and structural improvement is included for information security program development as well as a greater concentration on architecture and metrics. The improved approach to management metrics has been carried through to the section on information security management, providing processes to improve overall effectiveness. Also included are case studies to assist the candidate in understanding current practices, definitions of terms most commonly found on the exam, practice questions similar in content to the certification exam and references to additional study materials on specific topics. This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and chapters conducting local review courses. The manual provides a primary reference resource to information security managers seeking global guidance on effective approaches to governance, risk management, program development, management and incident response.
The 2009 edition has been developed to help the CISM candidate understand essential concepts and is organized to facilitate study in the following job practice areas:
- IS governance
- Information risk management
- IS program development
- IS program management
- Incident management and response