CISM Review Manual 2012

Newly updated based on the new CISM job practice domains, the CISM Review Manual 2012 is a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and individuals who wish to understand the roles and responsibilities of an information security manager. The manual has been continually enhanced over the past six editions and is a current, comprehensive, peer-reviewed information security management global resource.

The 2012 edition assists helps candidates study and understand essential concepts in the following job practice areas:

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management

The CISM Review Manual 2012 retains the easy-to-navigate format first introduced in 2010. Each of the book's four chapters has been divided into two sections for focused study. The first section contains the definitions and objectives for the four areas, with the corresponding tasks and knowledge statements that are tested on the exam.

Section one of each chapter is an overview that provides:

• Definitions for the four areas
• Objectives for each area
• Descriptions of the tasks
• A map of the relationship of each task to the knowledge statement
• A reference guide for the knowledge statements, including the relevant concepts and explanations
• References to specific content in section two for each knowledge statement
• Sample practice questions and explanations of the answers
• Suggested resources for further study

Section two of each chapter consists of reference material and content that support the knowledge statements. The material enhances CISM candidates' knowledge and/or understanding when preparing for the CISM certification exam. Also included are definitions of terms most commonly found on the exam.

This manual is effective as a stand-alone document for individual study and as a guide or reference for study groups and chapters conducting local review courses. It is also a primary reference resource for information security managers seeking global guidance on effective approaches to governance, risk management, program development, management and incident response.