cism review manual 2011

Newly updated, the CISM Review Manual 2011 is a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and individuals who wish to understand the roles and responsibilities of an information security manager. The manual has been continually enhanced over the past six editions and is a current, comprehensive, peer-reviewed information security management global resource.

The 2011 edition assists candidates study and understand essential concepts in the following job practice areas:

• Information security governance
• Inforamtion risk management
• Information security program development
• Information security program management
• Incident management and response

The CISM Review Manual 2011 retains the easy-to-navigate format first introduced in 2010. Each of the book's five chapters has been divided into two sections for focused study. The first section contains the definitions and objectives for the five areas, with the corresponding tasks and knowledge statements that are tested on the exam.

Section one of each chapter is an overview that provides:

• Definitions for the five areas
• Objectives for each area
• Descriptions of the tasks
• A map of the relationship of each task to the knowledge statements
• A reference guide for the knowledge statements, including the relevant concepts and explanations
• References to specific content in section two for each knowledge statement
• Sample practice questions and explanations of the answers
• Suggested resources for further study

Section two of each chapter consists of reference material and content that support the knowledge statements. The material enchances CISM candidates' knowledge and/or understanding when preparing for the CISM certification exam. Also included are definitions of terms most commonly found on the exam

This manual is effective as a stand-alone document for individual study and as a guide or reference for study groups and chapters conducting local review courses. It is also a primary reference resource for information security managers seeking global guidance on effective approaches to governance, risk management, program development, management and incident response.

The CISA Review Manual 2012 is a comprehensive reference guide designed to help individuals prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor. The manual has been enhanced over the past editions and represents the most current, comprehensive, peer-reviewed IS audit, assurance, security and control resource available worldwide.

The 2012 manual is organized to assist candidates in understanding essential concepts and studying the following updated job practice areas:

• The Process of Auditing Information Systems
• Governance and Management of IT
• Information Systems Acquisition, Development and Implementation
• Information Systems Operations, Maintenance and Support
• Protection of Information Assets

The CISA Review Manual 2012 also features an easy-to-use format. Each of the five chapters has been divided into two sections for focused study. Section one of each chapter contains the definitions and objectives for the five areas, as well as the corresponding tasks performed by IS auditors and knowledge statements (required to plan, manage and perform IS audits) that are tested on the exam. It also includes:

• A map of the relationship of each task to the knowledge statements
• A reference guide for the knowledge statements, including the relevant concepts and explanations
• References to specific content in Section Two for each knowledge statement
• Sample practice questions and explanations of the answers
• Suggested resources for further study

Section two of each chapter consists of reference material and content that supports the knowledge statements. The material enhances CISA candidates' knowledge and/or understanding when preparing for the CISA certification exam. In addition, the CISA Review Manual 2012 includes brief chapter summaries focused on the main topics and case studies to assist candidates in understanding current practices. Also included are definitions of terms most commonly found on the exam.

This manual is excellent as a stand-alone document for individual study and as a guide or reference for study groups and chapters conducting local review courses. It also serves as an effective desk reference for IS auditors.

The CISM Review Manual 2010 is a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and individuals who wish to understand the roles and responsibilities of an information security manager. The manual has evolved over the past six editions and now represents the most current, comprehensive, globally peer-reviewed information security management resource available.

The CISM Review Manual 2010 features a new format. Each of the five chapters has been divided into two sections for focused study. The first section contains the definitions and objectives for the five areas, with the corresponding tasks and knowledge statements that are tested on the exam.

• Definitions for the five areas
• Objectives for each area
• Descriptions of the tasks
• A map of the relationship of each task to the knowledge statements
• A reference guide for the knowledge statements, including the relevant concepts and explanations
• References to specific content in Section Two for each knowledge statement
• Sample practice questions and explanations of the answers
• Suggested resources for further study

Section Two consists of reference material and content that supports the knowledge statements. Material included is pertinent for CISM candidates knowledge and/or understanding when preparing for the CISM certification exam. Also included are definitions of terms most commonly found on the exam.

This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and chapters conducting local review courses. It is a primary reference resource for information security managers seeking global guidance on effective approaches to governance, risk management, program development, management and incident response.

• Information security governance
• Information risk management
• Information security program development
• Information security program management
• Incident management and response

Newly updated based on the new CISM job practice domains, the CISM Review Manual 2012 is a comprehensive reference guide designed to assist individuals in preparing for the CISM exam and individuals who wish to understand the roles and responsibilities of an information security manager. The manual has been continually enhanced over the past six editions and is a current, comprehensive, peer-reviewed information security management global resource.

The 2012 edition assists helps candidates study and understand essential concepts in the following job practice areas:

• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and Management
• Information Security Incident Management

The CISM Review Manual 2012 retains the easy-to-navigate format first introduced in 2010. Each of the book's four chapters has been divided into two sections for focused study. The first section contains the definitions and objectives for the four areas, with the corresponding tasks and knowledge statements that are tested on the exam.

Section one of each chapter is an overview that provides:

• Definitions for the four areas
• Objectives for each area
• Descriptions of the tasks
• A map of the relationship of each task to the knowledge statement
• A reference guide for the knowledge statements, including the relevant concepts and explanations
• References to specific content in section two for each knowledge statement
• Sample practice questions and explanations of the answers
• Suggested resources for further study

Section two of each chapter consists of reference material and content that support the knowledge statements. The material enhances CISM candidates' knowledge and/or understanding when preparing for the CISM certification exam. Also included are definitions of terms most commonly found on the exam.

This manual is effective as a stand-alone document for individual study and as a guide or reference for study groups and chapters conducting local review courses. It is also a primary reference resource for information security managers seeking global guidance on effective approaches to governance, risk management, program development, management and incident response.

The CISM Review Questions, Answers & Explanations Manual 2011 compiles 650 multiple-choice study questions that have previously appeared in the CISM Review Questions, Answers & Explanations Manual 2009, the 2009 Supplement and the 2010 Supplement into one effective resource. These questions are not actual exam items, but are intended to provide the CISM candidate with an understanding of the type and structure of questions and content that have previously appeared on the exam. This publication is ideal to use in conjunction with the CISM Review Manual 2011.

To help exam candidates maximize - and customize - their study efforts, questions are presented in the following two ways:

• Job practice area - Questions, answers and explanations are sorted by the current CISM job practice areas. This allows the CISM candidate to refer to questions that focus on a particular area as well as to evaluate comprehension of teh topics covered within each practice area.
• Sample 200-question exam - 200 of the 650 questions included in the manual are selected to represent a full-length CISM exam, with questions chosen in the same percentages as the current CISM job practice areas. Candidates are urged to use this sample test to simulate an actual exam, but also to determine their strengths and weaknesses in order to identify areas that require further study. Answer sheets and an answer/reference key for the sample exam are also included. All sample test questions have been cross-referenced to the questions sorted by practice area, making it convenient for the user to refer back to the explanations of the correct answers.

Newly created each year, the CISM Review Questions, Answers & Explanations Manual 2011 Supplement features 100 new sample questions, answers and explanations to help candidates effectively prepare for the 2011 CISM exam. These new questions are designed to be similar to actual exam items. The questions are intended to provide CISM candidates with an understanding of the type and structure of questions that have typically appeared on past exams, and were prepared specifically for use in studying for the CISM exam. This publication is ideal to use with the CISA Review Questions, Answers & Explanations Manual 2011.

The CISM Review Questions, Answers & Explanations Manual 2012 consists of 700 multiple-choice study questions, answers and explanations, which are organized according to the newly revised CISM job practice domains. The questions in this manual appeared in the CISM Review Questions, Answers & Explanations Manual 2011 and in the CISM Review Questions, Answers & Explanations Manual 2011 Supplement and have been reorganized to reflect the job practice that is effective in 2012. These questions, answers and explanations are intended to introduce the CISM candidate to the types of questions that appear on the CISM exam. They are not actual questions from the exam. Questions are sorted by CISM job practice domains and a sample exam of 200 questions is also provided. Sample questions contained in this manual are provided to assist the CISM candidate in understanding the material in the CISM Review Manual 2012 and to depict the type of question format typically found on the CISM exam.

To help candidates maximize - and customize - their study efforts, questions are presented in the following two ways:

• Job practice area - Questions, answers and explanations are sorted by the current CISM job practice areas. This allows the CISM candidate to refer to questions that focus on a particular area as well as to evaluate comprehension of the topics covered within each practice area.
• Sample 200-question exam - 200 of the 700 questions included in the manual are selected to represent a full-length CISM exam, with questions chosen in the same percentages as the actual exam, but also to determine their strengths and weaknesses in order to identify areas that require further study. Answer sheets and an answer/reference key for the sample exam are also included. All sample test questions have been cross-referenced to the questions sorted by practice area, making it convenient for the user to refer back to the explanations of the correct answers.

Newly created each year, the CISM Review Questions, Answers & Explanations Manual 2012 Supplement features 100 new sample questions, answers and explanations to help candidates effectively prepare for the 2012 CISM exam. These new questions are designed to be similar to actual exam items. The questions are intended to provide CISM candidates with an understanding of the type and structure of questions that have typically appeared on past exams, and were prepared specifically for use in studying for the CISM exam. This publication is ideal to use with the CISM Review Questions, Answers & Explanations Manual 2012.

The new CRISC Review Manual 2011 is a comprehensive reference guide designed to help individuals prepare for the CRISC exam and understand IT-related business risk management roles and responsibilities. The 2011 edition has been developed by global subject matter experts to assist candidates in understanding essential concepts of the CRISC job practice areas:

• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• IS control design and implementation
• IS control monitoring and maintenance

The CRISC Review Manual 2011 features a unique learning format for focused study and is separated into two distinct parts.

Part I provides a thorough overview of the concepts related to the IT-related risk management process and the design, implementation, monitoring and maintenance of information systems (IS) controls. Each chapter contains the definitions and objectives for the five CRISC job practice domains, with the corresponding tasks performed by the risk management professional and the knowledge that is tested on the exam. Part I also includes sample practice questions, explanations of the answers and suggested resources for further study.

Part II describes, in detail, selected business and IT processes and how they are related to enterprise risk. For each of the selected processes it:

• Explains the process's importance to achieving business objectives
• Introduces related key concepts
• Provides real-life examples of common risks
• Lists selected key risk indicators
• Describes examples of common IS controls supporting the process
• Features the practitioner's perspective
• Offers suggested reading materials and references

This manual is an excellent stand-alone document for individual study and can be used as a guide or reference for study groups and chapters conducting local review courses.

The Business Model for Information Security, provides an in-depth explanation to a holistic business model which examines security issues from a systems perspective.

Explore various media, including journal articles, webcasts and podcasts, to delve into the Business Model for Information Security and to learn more about how to have success in the IS field in today's market.

Do you face the following challenges?

• Senior management's commitment to information security initiatives
• Management's understanding of information security issues
• Information security planning prior to implementation of new technologies
• Integration between business and information security
• Alignment of information security with the enterprise's objectives
• Executive and line management's ownership and accountability for implementing, monitoring and reporting on information security

The Business Model for Information Security enables security professionals to examine security from systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed.