CISM Certified Information Security Manager Study Guide

Mike Chapple (University of Notre Dame)

$104.95

Paperback

English
Sybex Inc.,U.S.
06 May 2022
Sharpen your information security skills and grab an invaluable new credential with this unbeatable study guide. As cybersecurity becomes an increasingly mission-critical issue, more and more employers and professionals are turning to ISACA's trusted and recognized Certified Information Security Manager qualification as a tried-and-true indicator of information security management expertise.

In Wiley's Certified Information Security Manager (CISM) Study Guide, you'll get the information you need to succeed on the demanding CISM exam. You'll also develop the IT security skills and confidence you need to prove yourself where it really counts: on the job.

Chapters are organized intuitively and by exam objective so you can easily keep track of what you've covered and what you still need to study. You'll also get access to a pre-assessment, so you can find out where you stand before you take your studies further.

Sharpen your skills with Exam Essentials and chapter review questions with detailed explanations in all four of the CISM exam domains: Information Security Governance, Information Security Risk Management, Information Security Program, and Incident Management.

In this essential resource, you'll also:

Grab a head start to an in-demand certification used across the information security industry
Expand your career opportunities to include rewarding and challenging new roles only accessible to those with a CISM credential
Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Perfect for anyone prepping for the challenging CISM exam or looking for a new role in the information security field, the Certified Information Security Manager (CISM) Study Guide is an indispensable resource that will put you on the fast track to success on the test and in your next job.
Imprint: Sybex Inc., U.S.
Country of Publication: United States
Dimensions: Height: 234mm, Width: 185mm, Spine: 25mm
Weight: 612g
ISBN: 9781119801931
ISBN 10: 1119801931
Series: Sybex Study Guide
Pages: 432
Audience: Professional and scholarly, Undergraduate
Format: Paperback
Publisher's Status: Active
Table of Contents

Introduction
Assessment Test xxi

Chapter 1 Today's Information Security Manager 1
  Information Security Objectives 2
  Role of the Information Security Manager 3
    Chief Information Security Officer 4
    Lines of Authority 4
    Organizing the Security Team 5
    Roles and Responsibilities 7
  Information Security Risks 8
    The DAD Triad 8
    Incident Impact 9
  Building an Information Security Strategy 12
    Threat Research 12
    SWOT Analysis 13
    Gap Analysis 13
    Creating SMART Goals 16
    Alignment with Business Strategy 16
    Leadership Support 17
    Internal and External Influences 17
    Cybersecurity Responsibilities 18
    Communication 19
    Action Plans 19
  Implementing Security Controls 20
    Security Control Categories 21
    Security Control Types 21
  Data Protection 23
  Summary 25
  Exam Essentials 25
  Review Questions 27

Chapter 2 Information Security Governance and Compliance 31
  Governance 33
    Corporate Governance 33
    Governance, Risk, and Compliance Programs 35
    Information Security Governance 35
    Developing Business Cases 36
    Third-Party Relationships 37
  Understanding Policy Documents 38
    Policies 38
    Standards 40
    Procedures 42
    Guidelines 43
    Exceptions and Compensating Controls 44
    Developing Policies 45
  Complying with Laws and Regulations 46
  Adopting Standard Frameworks 47
    COBIT 47
    NIST Cybersecurity Framework 49
    NIST Risk Management Framework 52
    ISO Standards 53
    Benchmarks and Secure Configuration Guides 54
  Security Control Verification and Quality Control 56
  Summary 57
  Exam Essentials 57
  Review Questions 59

Chapter 3 Information Risk Management 63
  Analyzing Risk 65
    Risk Identification 66
    Risk Calculation 67
    Risk Assessment 68
  Risk Treatment and Response 72
    Risk Mitigation 73
    Risk Avoidance 74
    Risk Transference 74
    Risk Acceptance 75
    Risk Analysis 75
  Disaster Recovery Planning 78
    Disaster Types 78
    Business Impact Analysis 79
  Privacy 79
    Sensitive Information Inventory 80
    Information Classification 80
    Data Roles and Responsibilities 82
    Information Lifecycle 83
    Privacy-Enhancing Technologies 83
    Privacy and Data Breach Notification 84
  Summary 84
  Exam Essentials 85
  Review Questions 86

Chapter 4 Cybersecurity Threats 91
  Exploring Cybersecurity Threats 92
    Classifying Cybersecurity Threats 92
    Threat Actors 94
    Threat Vectors 99
  Threat Data and Intelligence 101
    Open Source Intelligence 101
    Proprietary and Closed Source Intelligence 104
    Assessing Threat Intelligence 105
    Threat Indicator Management and Exchange 107
    Public and Private Information Sharing Centers 108
    Conducting Your Own Research 108
  Summary 109
  Exam Essentials 109
  Review Questions 111

Chapter 5 Information Security Program Development and Management 115
  Information Security Programs 117
    Establishing a New Program 117
    Maintaining an Existing Program 121
  Security Awareness and Training 123
    User Training 123
    Role-Based Training 124
    Ongoing Awareness Efforts 124
  Managing the Information Security Team 125
    Hiring Team Members 126
    Developing the Security Team 126
  Managing the Security Budget 127
    Organizational Budgeting 127
    Fiscal Years 127
    Expense Types 128
    Budget Monitoring 129
  Integrating Security with Other Business Functions 130
    Procurement 130
    Accounting 133
    Human Resources 133
    Information Technology 135
    Audit 138
  Summary 139
  Exam Essentials 139
  Review Questions 141

Chapter 6 Security Assessment and Testing 145
  Vulnerability Management 146
    Identifying Scan Targets 146
    Determining Scan Frequency 148
    Configuring Vulnerability Scans 149
    Scanner Maintenance 154
    Vulnerability Scanning Tools 155
    Reviewing and Interpreting Scan Reports 159
    Validating Scan Results 160
  Security Vulnerabilities 161
    Patch Management 162
    Legacy Platforms 163
    Weak Configurations 164
    Error Messages 164
    Insecure Protocols 165
    Weak Encryption 166
  Penetration Testing 167
    Adopting the Hacker Mindset 168
    Reasons for Penetration Testing 169
    Benefits of Penetration Testing 169
    Penetration Test Types 170
    Rules of Engagement 171
    Reconnaissance 173
    Running the Test 173
    Cleaning Up 174
  Training and Exercises 174
  Summary 175
  Exam Essentials 176
  Review Questions 177

Chapter 7 Cybersecurity Technology 181
  Endpoint Security 182
    Malware Prevention 183
    Endpoint Detection and Response 183
    Data Loss Prevention 184
    Change and Configuration Management 185
    Patch Management 185
    System Hardening 185
  Network Security 186
    Network Segmentation 186
    Network Device Security 188
    Network Security Tools 191
  Cloud Computing Security 195
    Benefits of the Cloud 196
    Cloud Roles 198
    Cloud Service Models 198
    Cloud Deployment Models 202
    Shared Responsibility Model 204
    Cloud Standards and Guidelines 207
    Cloud Security Issues 208
    Cloud Security Controls 210
  Cryptography 212
    Goals of Cryptography 212
    Symmetric Key Algorithms 214
    Asymmetric Cryptography 215
    Hash Functions 217
    Digital Signatures 218
    Digital Certificates 219
    Certificate Generation and Destruction 220
  Code Security 223
    Software Development Life Cycle 223
    Software Development Phases 224
    Software Development Models 226
    DevSecOps and DevOps 229
    Code Review 230
    Software Security Testing 232
  Identity and Access Management 234
    Identification, Authentication, and Authorization 234
    Authentication Techniques 235
    Authentication Errors 237
    Single Sign-On and Federation 238
    Provisioning and Deprovisioning 238
    Account Monitoring 239
  Summary 240
  Exam Essentials 241
  Review Questions 244

Chapter 8 Incident Response 249
  Security Incidents 251
  Phases of Incident Response 252
    Preparation 253
    Detection and Analysis 254
    Containment, Eradication, and Recovery 255
    Post-Incident Activity 267
  Building the Incident Response Plan 269
    Policy 269
    Procedures and Playbooks 270
    Documenting the Incident Response Plan 270
  Creating an Incident Response Team 272
    Incident Response Providers 273
    CSIRT Scope of Control 273
  Coordination and Information Sharing 273
    Internal Communications 274
    External Communications 274
  Classifying Incidents 274
    Threat Classification 275
    Severity Classification 276
  Conducting Investigations 279
    Investigation Types 279
    Evidence 282
  Plan Training, Testing, and Evaluation 288
  Summary 289
  Exam Essentials 290
  Review Questions 292

Chapter 9 Business Continuity and Disaster Recovery 297
  Planning for Business Continuity 298
    Project Scope and Planning 299
    Organizational Review 300
    BCP Team Selection 301
    Resource Requirements 302
    Legal and Regulatory Requirements 303
  Business Impact Analysis 304
    Identifying Priorities 305
    Risk Identification 306
    Likelihood Assessment 308
    Impact Analysis 309
    Resource Prioritization 310
  Continuity Planning 310
    Strategy Development 311
    Provisions and Processes 311
  Plan Approval and Implementation 313
    Plan Approval 313
    Plan Implementation 314
    Training and Education 314
    BCP Documentation 314
  The Nature of Disaster 318
    Natural Disasters 319
    Human-Made Disasters 324
  System Resilience, High Availability, and Fault Tolerance 327
    Protecting Hard Drives 328
    Protecting Servers 329
    Protecting Power Sources 331
  Recovery Strategy 331
    Business Unit and Functional Priorities 332
    Crisis Management 333
    Emergency Communications 334
    Workgroup Recovery 334
    Alternate Processing Sites 334
    Database Recovery 338
  Recovery Plan Development 340
    Emergency Response 341
    Personnel and Communications 341
    Assessment 342
    Backups and Offsite Storage 342
    Utilities 345
    Logistics and Supplies 345
    Training, Awareness, and Documentation 345
  Testing and Maintenance 346
    Read-Through Test 346
    Structured Walk-Through 346
    Simulation Test 347
    Parallel Test 347
    Full-Interruption Test 347
    Lessons Learned 347
    Maintenance 348
  Summary 349
  Exam Essentials 349
  Review Questions 351

Appendix Answers to the Review Questions 357
  Chapter 1: Today's Information Security Manager 358
  Chapter 2: Information Security Governance and Compliance 360
  Chapter 3: Information Risk Management 362
  Chapter 4: Cybersecurity Threats 363
  Chapter 5: Information Security Program Development and Management 365
  Chapter 6: Security Assessment and Testing 368
  Chapter 7: Cybersecurity Technology 370
  Chapter 8: Incident Response 372
  Chapter 9: Business Continuity and Disaster Recovery 374

Index 377

ABOUT THE AUTHOR

MIKE CHAPPLE, PhD, CISM, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.
